The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-259 advisory.

  - A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder     versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0     through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0     through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.
    (CVE-2024-48885)

  - A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager     versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5     through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through     7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0     through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of     privilege via specially crafted packets. (CVE-2024-48884)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Fortinet Fortigate Path traversal in csfd daemon (FG-IR-24-259)

critical Nessus Plugin ID 214079

Version 1.4