CVE-2024-32115 – A relative path traversal vulnerability in Fort... (How to Fix)

Q: What is the severity of CVE-2024-32115?

CVE-2024-32115 has a CVSS score of 5.5 (MEDIUM). A relative path traversal vulnerability in Fortinet FortiManager allows privileged attackers to delete files from the underlying filesystem via crafted HTTP/HTTPS requests. This affects FortiManager versions 7.4.0 through 7.4.2 and versions before 7.2.5.

📋 TL;DR

A relative path traversal vulnerability in Fortinet FortiManager allows privileged attackers to delete files from the underlying filesystem via crafted HTTP/HTTPS requests. This affects FortiManager versions 7.4.0 through 7.4.2 and versions before 7.2.5.

💻 Affected Systems

Products:

Fortinet FortiManager

Versions: 7.4.0 through 7.4.2, and versions before 7.2.5

Operating Systems: Fortinet's custom OS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires privileged attacker access to the management interface.

📦 What is this software?

Fortimanager by Fortinet

View all CVEs affecting Fortimanager →

Fortimanager by Fortinet

View all CVEs affecting Fortimanager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Privileged attacker could delete critical system files, causing service disruption, data loss, or complete system compromise.

🟠

Likely Case

Privileged attacker deletes configuration files or logs, disrupting management operations and hindering forensic investigation.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to authorized management interfaces only.

🌐 Internet-Facing: MEDIUM - Requires privileged credentials but could be exploited if management interface is exposed.

🏢 Internal Only: HIGH - Internal privileged users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated privileged access but uses simple path traversal techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.3 or 7.2.5 and later

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-097

Restart Required: Yes

Instructions:

1. Backup current configuration. 2. Download and install FortiManager version 7.4.3 or 7.2.5 from Fortinet support portal. 3. Apply the update through the web interface or CLI. 4. Reboot the system as required.

🔧 Temporary Workarounds

Restrict Management Access

all

Limit access to FortiManager management interface to trusted IP addresses only.

config system interface
edit <interface_name>
set allowaccess https ssh ping
set trust-ip-1 <trusted_ip>
end

🧯 If You Can't Patch

Implement strict network segmentation to isolate FortiManager from untrusted networks.
Enforce least privilege access controls and monitor privileged user activities.

🔍 How to Verify

Check if Vulnerable:

Check FortiManager version via web interface (System > Dashboard) or CLI command: get system status

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is 7.4.3 or higher, or 7.2.5 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Unusual file deletion events in system logs
Multiple failed path traversal attempts in web logs

Network Indicators:

HTTP/HTTPS requests with '../' patterns to FortiManager management interface

SIEM Query:

source="fortimanager" AND (url="*../*" OR action="delete")

📊 Metadata

CVE ID: CVE-2024-32115

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CWE: CWE-23

EPSS Score: 0.53% exploit probability (66.8th percentile)

Published: January 14, 2025

Last Updated: March 19, 2025

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-24-097 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32115, you might also want to check these: