What is the severity of CVE-2024-32117?

CVE-2024-32117 is a high severity vulnerability that allows a privileged attacker to read arbitrary files from the system.

How do I fix CVE-2024-32117?

To mitigate CVE-2024-32117, upgrade FortiManager or FortiAnalyzer to the latest recommended version indicated in the vendor's advisory.

Which versions are affected by CVE-2024-32117?

CVE-2024-32117 affects multiple versions of FortiManager and FortiAnalyzer including versions up to 7.4.2.

What type of vulnerability is CVE-2024-32117?

CVE-2024-32117 is classified as a Path Traversal vulnerability, allowing unauthorized access to files.

Who is impacted by CVE-2024-32117?

Organizations using vulnerable versions of FortiManager or FortiAnalyzer are at risk due to CVE-2024-32117.

Vulnerability/
CVE-2024-32117

medium

4.9

CWE

12/11/2024

21/1/2025

CVE-2024-32117: Arbitrary file read in administrative interface

First published: Tue Nov 12 2024(Updated: )

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiAnalyzer	>=6.2.0<7.2.6
Fortinet FortiAnalyzer	>=7.4.0<7.4.3
Fortinet FortiAnalyzer BigData	>=6.2.1<7.2.8
Fortinet FortiAnalyzer BigData	=7.4.0
Fortinet FortiManager	>=6.2.0<7.2.6
Fortinet FortiManager	>=7.4.0<7.4.3
Fortinet FortiAnalyzer	>=7.4.0<=7.4.2
Fortinet FortiAnalyzer	>=7.2.0<=7.2.5
Fortinet FortiAnalyzer	>=7.0
Fortinet FortiAnalyzer	>=6.4
Fortinet FortiAnalyzer	>=6.2
Fortinet FortiAnalyzer	=.
Fortinet FortiAnalyzer	>=7.2.0<=7.2.7
Fortinet FortiAnalyzer	>=7.0
Fortinet FortiAnalyzer	>=6.4
Fortinet FortiAnalyzer	>=6.2
Fortinet FortiManager	>=7.4.0<=7.4.2
Fortinet FortiManager	>=7.2.0<=7.2.5
Fortinet FortiManager	>=7.0
Fortinet FortiManager	>=6.4
Fortinet FortiManager	>=6.2

Remedy

Please upgrade to FortiManager version 7.4.3 or above Please upgrade to FortiManager version 7.2.6 or above Please upgrade to FortiAnalyzer version 7.4.3 or above Please upgrade to FortiAnalyzer version 7.2.6 or above Please upgrade to FortiAnalyzer-BigData version 7.4.1 or above Please upgrade to FortiAnalyzer-BigData version 7.2.8 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-32117?
CVE-2024-32117 is a high severity vulnerability that allows a privileged attacker to read arbitrary files from the system.
How do I fix CVE-2024-32117?
To mitigate CVE-2024-32117, upgrade FortiManager or FortiAnalyzer to the latest recommended version indicated in the vendor's advisory.
Which versions are affected by CVE-2024-32117?
CVE-2024-32117 affects multiple versions of FortiManager and FortiAnalyzer including versions up to 7.4.2.
What type of vulnerability is CVE-2024-32117?
CVE-2024-32117 is classified as a Path Traversal vulnerability, allowing unauthorized access to files.
Who is impacted by CVE-2024-32117?
Organizations using vulnerable versions of FortiManager or FortiAnalyzer are at risk due to CVE-2024-32117.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-32117
agent/first-publish-date
agent/title
agent/remedy
agent/references
agent/type
agent/description
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/last-modified-date
agent/weakness
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/fortiguard-psirt
vendor/fortinet
canonical/fortinet fortianalyzer
version/fortinet fortianalyzer/6.2.0
version/fortinet fortianalyzer/7.4.0
canonical/fortinet fortianalyzer bigdata
version/fortinet fortianalyzer bigdata/6.2.1
version/fortinet fortianalyzer bigdata/7.4.0
canonical/fortinet fortimanager
version/fortinet fortimanager/6.2.0
version/fortinet fortimanager/7.4.0
version/fortinet fortianalyzer/7.4.2
version/fortinet fortianalyzer/7.2.0
version/fortinet fortianalyzer/7.2.5
version/fortinet fortianalyzer/7.0
version/fortinet fortianalyzer/6.4
version/fortinet fortianalyzer/6.2
version/fortinet fortianalyzer/.
version/fortinet fortianalyzer/7.2.7
version/fortinet fortimanager/7.4.2
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.5
version/fortinet fortimanager/7.0
version/fortinet fortimanager/6.4
version/fortinet fortimanager/6.2