Fortinet FortiManager, FortiOS, and FortiProxy Path Traversal Vulnerability Allowing Privilege Escalation

Vulnerability

A path traversal vulnerability has been identified in Fortinet FortiManager versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3; FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, and 6.4.0 through 6.4.15; and FortiProxy versions 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7. The flaw is an improper restriction of file paths, which could lead to unauthorized access to restricted directories; attackers can exploit it to escalate privileges by sending specially crafted packets.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation on the affected system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 1.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.