Cyber Resilience

CVE-2024-48885

Medium

Published: 16 January 2025

Modified: 14 January 2026
CVSS v3.1 score: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0029 (53.1st percentile)
Risk priority: 11 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-48885 is a medium-severity Path Traversal (CWE-22) vulnerability in Fortinet FortiRecorder. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 46.9% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-48885 is an improper limitation of a pathname to a restricted directory vulnerability, classified under CWE-22 as a path traversal issue. It affects multiple Fortinet products, including FortiRecorder versions 7.2.0 through 7.2.1 and 7.0.0 through 7.0.4; FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, and 6.0 all versions; and FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2 all versions, 7.0 all versions, and 6.4 all versions. The flaw enables privilege escalation through specially crafted packets and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Exploitation requires an attacker to have low privileges (PR:L) and involves a network-based attack (AV:N) with high complexity (AC:H) and no user interaction (UI:N). Successful exploitation allows the attacker to escalate privileges, resulting in a high impact on availability (A:H) with no impact on confidentiality or integrity.

Mitigation details are available in the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-259.

Vulnerability details

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows an attacker to escalate privilege via specially crafted packets.

CWE(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Path traversal vulnerability directly enables exploitation for privilege escalation via crafted network packets.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-48884 (same product: Fortinet FortiRecorder)
CVE-2024-55597 (same product: Fortinet FortiWeb)
CVE-2024-36512 (same vendor: Fortinet)
CVE-2025-54659 (same vendor: Fortinet)
CVE-2024-35275 (same vendor: Fortinet)
CVE-2024-46662 (same vendor: Fortinet)
CVE-2025-62676 (same vendor: Fortinet)
CVE-2025-64157 (same vendor: Fortinet)
CVE-2024-40591 (same vendor: Fortinet)
CVE-2024-45328 (same vendor: Fortinet)

Affected Assets

fortinet / fortirecorder: 7.0.0 — 7.0.5 · 7.2.0 — 7.2.2
fortinet / fortivoice: 6.0.0 — 6.4.10 · 7.0.0 — 7.0.5
fortinet / fortiweb: 7.6.0 · 6.4.0 — 7.4.5

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly remediates the path traversal flaw in affected Fortinet products through timely identification, reporting, and patching.

SI-10 Information Input Validation (prevent)
Validates information inputs from specially crafted packets at system entry points to block path traversal attempts.

Access enforcement (prevent)
Enforces approved access authorizations to information and resources, limiting unauthorized directory traversal even from low-privileged accounts.
