First published: Tue Mar 11 2025
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiWeb | >=7.0.0 <=7.6.0 | Please upgrade to FortiWeb version 7.6.1 or above. Please upgrade to FortiWeb version 7.4.6 or above. |
CVE-2024-55597 is rated as a critical severity vulnerability.
To mitigate CVE-2024-55597, update Fortinet FortiWeb to a version higher than 7.6.0.
CVE-2024-55597 affects Fortinet FortiWeb versions 7.0.0 through 7.6.0.
CVE-2024-55597 is a path traversal vulnerability allowing unauthorized code execution.
Yes, CVE-2024-55597 can be exploited remotely via crafted requests.