{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-52964","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2024-11-18T13:36:52.465Z","datePublished":"2025-08-12T18:59:45.473Z","dateUpdated":"2025-08-13T20:13:55.667Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiManager","cpes":["cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.6.0","lessThanOrEqual":"7.6.1","status":"affected"},{"versionType":"semver","version":"7.4.0","lessThanOrEqual":"7.4.5","status":"affected"},{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.9","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.13","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.15","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.13","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2025-08-12T18:59:45.473Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-22","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":5.2,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:X/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.6 or above \nPlease upgrade to FortiManager Cloud version 7.2.10 or above \nPlease upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.7 or above \nPlease upgrade to FortiManager version 7.4.6 or above \nPlease upgrade to FortiManager version 7.2.10 or above \nPlease upgrade to FortiManager version 7.0.14 or above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-473","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-473"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-13T19:54:25.648289Z","id":"CVE-2024-52964","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-13T20:13:55.667Z"}}]}}