Lucene search

[email protected]NVD:CVE-2024-21753

HistorySep 10, 2024 - 3:15 p.m.

CVE-2024-21753

2024-09-1015:15:14

CWE-22

[email protected]

web.nvd.nist.gov

pathname restriction

forticlientems

denial of service

http requests

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

17.0%

JSON

A improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests

Affected configurations

Nvd

Node

fortinetforticlient_endpoint_management_serverRange1.2.1–1.2.5

fortinetforticlient_endpoint_management_serverRange6.0.0–6.0.8

fortinetforticlient_endpoint_management_serverRange6.2.0–6.2.9

fortinetforticlient_endpoint_management_serverRange6.4.0–6.4.9

fortinetforticlient_endpoint_management_serverRange7.0.0–7.0.13

fortinetforticlient_endpoint_management_serverRange7.2.0–7.2.4

VendorProductVersionCPE
fortinetforticlient_endpoint_management_server*cpe:2.3:a:fortinet:forticlient_endpoint_management_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	forticlient_endpoint_management_server	*	cpe:2.3:a:fortinet:forticlient_endpoint_management_server::::::::

References

fortiguard.fortinet.com/psirt/FG-IR-23-362

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2024-21753

cve1 cvelist1 vulnrichment1 nessus1