CVE-2024-21753
MEDIUM EPSS 50.0%
Published Sep 10, 20241y ago · Modified Jun 17, 20261w ago
6.0 CVSS 3.1
Published Sep 10, 2024 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability High
Threat Intelligence
EPSS Exploit Probability
50.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 6
| Vendor | Product | Version | Range |
|---|---|---|---|
| fortinet | forticlient_endpoint_management_server | * | ≥1.2.1 – ≤1.2.5 |
| fortinet | forticlient_endpoint_management_server | * | ≥6.0.0 – ≤6.0.8 |
| fortinet | forticlient_endpoint_management_server | * | ≥6.2.0 – ≤6.2.9 |
| fortinet | forticlient_endpoint_management_server | * | ≥6.4.0 – ≤6.4.9 |
| fortinet | forticlient_endpoint_management_server | * | ≥7.0.0 – ≤7.0.13 |
| fortinet | forticlient_endpoint_management_server | * | ≥7.2.0 – ≤7.2.4 |
References 1
- fortiguard.fortinet.com https://fortiguard.fortinet.com/psirt/FG-IR-23-362
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.