
{
"id": "CVE-2024-36508",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-02-11T17:15:22.393",
"lastModified": "2025-02-11T17:15:22.393",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in the CLI of Fortinet FortiManager versions 7.4.0 through 7.4.2 and versions before 7.2.5, and of Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and versions before 7.2.5, allows an authenticated admin user with diagnose privileges to delete files on the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de limitaci\u00f3n incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal') [CWE-22] en Fortinet FortiManager versi\u00f3n 7.4.0 a 7.4.2 y anteriores a 7.2.5 y Fortinet FortiAnalyzer versi\u00f3n 7.4.0 a 7.4.2 y anteriores a 7.2.5 CLI permite que un usuario administrador autenticado con privilegios de diagn\u00f3stico elimine archivos en el sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-147",
"source": "psirt@fortinet.com"
}
]
}