प्लेटफ़ॉर्म
fortinet
घटक
fortiproxy
में ठीक किया गया
7.4.6
7.2.12
7.0.19
2.0.15
1.2.14
1.1.7
1.0.8
7.4.4
7.6.2
7.4.4
7.6.1
7.4.5
7.2.10
7.0.16
6.4.16
CVE-2024-48884 describes a path traversal vulnerability discovered in FortiProxy. This flaw allows a remote, authenticated attacker to potentially access sensitive files on the system. The vulnerability impacts FortiProxy versions 1.0.0 through 7.6.1, as well as several FortiManager and FortiOS versions. A patch is available from Fortinet to address this issue.
Successful exploitation of CVE-2024-48884 allows a remote, authenticated attacker to bypass intended access controls and read arbitrary files on the FortiProxy appliance. This could include configuration files, sensitive data, or even system files, depending on the attacker's privileges and the system's configuration. The potential impact ranges from information disclosure to complete system compromise, enabling attackers to modify configurations, escalate privileges, or launch further attacks against internal networks. While requiring authentication, the ease of traversal makes it a significant risk, particularly in environments with weak password policies or compromised user accounts.
CVE-2024-48884 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the path traversal nature of the vulnerability suggests a relatively low barrier to entry for exploitation. The vulnerability was publicly disclosed on 2025-01-14. Given the ease of path traversal exploitation, it is reasonable to expect that attackers will actively target vulnerable systems.
Organizations using FortiProxy in environments with weak authentication or exposed to external networks are particularly at risk. Shared hosting environments where multiple users share a single FortiProxy instance are also vulnerable, as a compromise of one user's account could potentially lead to access for other users. Legacy FortiProxy deployments running older, unpatched versions are especially susceptible.
• fortinet: Monitor FortiProxy logs for unusual file access attempts or requests containing directory traversal sequences (e.g., ../).
• linux / server: Use lsof to identify processes accessing unexpected files or directories. Example:
lsof | grep /path/to/sensitive/file• generic web: Use curl to test for path traversal vulnerabilities by appending directory traversal sequences to URLs. Example:
curl 'http://fortiproxy/../../../../etc/passwd'• windows: Use PowerShell to check for suspicious processes or scheduled tasks that might be exploiting the vulnerability. Example:
Get-Process | Where-Object {$_.ProcessName -like '*suspicious*'}disclosure
एक्सप्लॉइट स्थिति
EPSS
39.29% (97% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2024-48884 is to upgrade FortiProxy to a patched version. Fortinet has released updates to address this vulnerability. If immediate patching is not possible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. These may include restricting access to the vulnerable endpoint, implementing stricter authentication controls, and reviewing file permissions to limit the potential impact of a successful exploit. Web application firewalls (WAFs) configured to detect and block path traversal attempts can also provide an additional layer of defense. After upgrade, confirm the vulnerability is resolved by attempting a path traversal request and verifying that access is denied.
Actualice FortiProxy a una versión corregida. Consulte el advisory de Fortinet para obtener más detalles sobre las versiones corregidas y las instrucciones de actualización.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-48884 is a path traversal vulnerability affecting FortiProxy versions 1.0.0–7.6.1, allowing authenticated attackers to access sensitive files.
If you are running FortiProxy versions 1.0.0 through 7.6.1, you are potentially affected by this vulnerability. Check your version and apply the available patch.
Upgrade FortiProxy to a patched version as soon as possible. Refer to the Fortinet advisory for specific version details and upgrade instructions.
While no active exploitation has been confirmed, the ease of path traversal exploitation suggests it is likely to be targeted by attackers.
Refer to the official Fortinet security advisory for detailed information and mitigation steps: [https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2024-48884](https://www.fortinet.com/security/advisory/fortinet-security-advisory/CVE-2024-48884)
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।