CVE-2024-52964

5.5 MEDIUM

📋 TL;DR

This path traversal vulnerability in Fortinet FortiManager and FortiManager Cloud allows authenticated remote attackers to overwrite arbitrary files via crafted FGFM requests. Attackers could potentially modify configuration files, install malicious software, or disrupt system operations. Organizations running affected versions of FortiManager (on-premises or cloud) are at risk.

💻 Affected Systems

Products:
  • Fortinet FortiManager
  • Fortinet FortiManager Cloud
Versions: FortiManager: 7.6.0-7.6.1, 7.4.0-7.4.5, 7.2.0-7.2.9, below 7.0.13; FortiManager Cloud: 7.6.0-7.6.1, 7.4.0-7.4.5, before 7.2.9
Operating Systems: FortiOS-based appliances
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access; FGFM (FortiGate FortiManager) protocol must be enabled/accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to overwrite critical system files, install persistent backdoors, or disrupt FortiManager operations leading to network management failure.

🟠 Likely Case

Unauthorized file modification leading to configuration changes, privilege escalation, or service disruption affecting managed FortiGate devices.

🟢 If Mitigated

Limited impact due to proper network segmentation, strong authentication controls, and monitoring that detects unusual file modification attempts.

🌐 Internet-Facing: MEDIUM - Requires authentication but internet-facing instances are more exposed to credential attacks and exploitation attempts.
🏢 Internal Only: MEDIUM - Internal attackers with valid credentials or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and knowledge of FGFM protocol; attacker needs valid credentials to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiManager: 7.6.2, 7.4.6, 7.2.10, 7.0.14; FortiManager Cloud: 7.6.2, 7.4.6, 7.2.10

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-473

Restart Required: No

Instructions:

1. Back up the current configuration.
2. Download the appropriate firmware from the Fortinet Support Portal.
3. Upload the firmware to FortiManager.
4. Install the update via System Settings > Firmware.
5. Verify the update succeeded (see "How to Verify" below).

🔧 Temporary Workarounds

Restrict FGFM Access

Applies to: all affected versions

Limit FGFM protocol access to trusted management networks only, using firewall rules and by removing fgfm from the allowaccess list of any interface that does not need it. The CLI example below keeps only HTTPS, SSH and ping on the interface; fgfm is deliberately absent from the list.

config system interface
    edit <interface_name>
        set allowaccess https ssh ping
    next
end

Enforce Strong Authentication

Applies to: all affected versions

Implement multi-factor authentication and strong password policies for all administrative accounts.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FortiManager from untrusted networks
  • Enable detailed logging and monitoring for file modification attempts and FGFM protocol anomalies

🔍 How to Verify

Check if Vulnerable:

Check FortiManager version via GUI (System > Dashboard) or CLI: get system status

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is updated to patched version: get system status | grep Version
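The following is an added helper, not part of the original advisory or of any Fortinet tooling: it parses the "Version:" line of `get system status` output and classifies the build against the version lists given above (affected ranges from "Affected Systems", first fixed releases from "Official Fix"). It assumes the "Version:" line carries a v<major>.<minor>.<patch> string, reads "below 7.0.13" as 7.0.0 through 7.0.12, and reports branches the advisory does not list (older than 7.0) as unknown. The sample status output is constructed for illustration.

```python
import re
from typing import Optional

# Affected ranges (inclusive) per branch, as listed in the advisory summary.
# "below 7.0.13" is read here as 7.0.0 through 7.0.12 (an assumption).
AFFECTED_RANGES = {
    (7, 6): ((7, 6, 0), (7, 6, 1)),
    (7, 4): ((7, 4, 0), (7, 4, 5)),
    (7, 2): ((7, 2, 0), (7, 2, 9)),
    (7, 0): ((7, 0, 0), (7, 0, 12)),
}

# First fixed release per branch, from the "Official Fix" section.
PATCHED_VERSIONS = {
    (7, 6): (7, 6, 2),
    (7, 4): (7, 4, 6),
    (7, 2): (7, 2, 10),
    (7, 0): (7, 0, 14),
}

# Matches e.g. "Version: v7.4.3-build2571 240416 (GA)"; the leading "v" is optional.
VERSION_RE = re.compile(r"^Version:\s*v?(\d+)\.(\d+)\.(\d+)", re.MULTILINE)

# Constructed sample of `get system status` output (not captured from a real device).
SAMPLE_STATUS = """\
Platform Type                   : FMG-VM64
Version: v7.4.3-build2571 240416 (GA)
Serial Number: FMG-VMTMPLACEHOLDER
"""


def parse_version(status_output: str) -> Optional[tuple]:
    """Return (major, minor, patch) from the Version: line, or None if absent."""
    m = VERSION_RE.search(status_output)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(status_output: str) -> dict:
    """Classify a FortiManager build against the advisory's version lists.

    status is one of:
      affected    - inside a listed affected range; upgrade_to gives the fix
      patched     - at or above the first fixed release for the branch
      not_listed  - between the last affected build and the first listed fix
                    (e.g. 7.0.13); confirm against the vendor advisory
      unknown     - no version found, or a branch the advisory does not list
    """
    version = parse_version(status_output)
    if version is None:
        return {"version": None, "status": "unknown", "upgrade_to": None}
    branch = version[:2]
    if branch not in AFFECTED_RANGES:
        return {"version": version, "status": "unknown", "upgrade_to": None}
    low, high = AFFECTED_RANGES[branch]
    patched = PATCHED_VERSIONS[branch]
    if low <= version <= high:
        return {"version": version, "status": "affected", "upgrade_to": patched}
    if version >= patched:
        return {"version": version, "status": "patched", "upgrade_to": None}
    return {"version": version, "status": "not_listed", "upgrade_to": patched}


if __name__ == "__main__":
    result = assess(SAMPLE_STATUS)
    print(f"version={result['version']} status={result['status']} "
          f"upgrade_to={result['upgrade_to']}")
```

Paste the output of `get system status` (or just the `get system status | grep Version` line) into `assess()`; a result of `affected` should be followed by an upgrade to the `upgrade_to` release for that branch, and `not_listed` or `unknown` means the page's version lists do not settle the question and the vendor advisory should be consulted.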

📡 Detection & Monitoring

Log Indicators:

  • Unusual file modification events
  • Multiple failed authentication attempts followed by FGFM requests
  • FGFM requests with unusual file paths

Network Indicators:

  • Unusual FGFM traffic patterns
  • FGFM requests containing path traversal sequences (../)

SIEM Query:

source="fortimanager" AND (event_type="file_modification" OR protocol="FGFM") AND (path="*../*" OR user_agent="*malicious*")
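As an added, offline illustration of the log and network indicators above (not part of the original advisory and not FortiManager's log schema), the script below runs two of the listed rules over constructed key=value log lines: it flags FGFM requests whose path contains a traversal sequence, and it correlates FGFM requests with preceding failed authentication attempts from the same source. It goes slightly beyond the `../` indicator in the text by normalising percent-encoded (including double-encoded) and backslash variants before matching, which is the check a SIEM rule based on a literal `*../*` pattern would miss. Event names, field names, thresholds and the sample lines are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed log lines (hypothetical key=value format, not real FortiManager output).
SAMPLE_LOGS = """\
2024-11-12T10:00:01 event=login_failed user=admin src=203.0.113.10
2024-11-12T10:00:04 event=login_failed user=admin src=203.0.113.10
2024-11-12T10:00:07 event=login_failed user=admin src=203.0.113.10
2024-11-12T10:00:30 event=login_ok user=admin src=203.0.113.10
2024-11-12T10:00:35 event=fgfm_request user=admin src=203.0.113.10 path=/var/tmp/../../data/config.db
2024-11-12T10:05:00 event=fgfm_request user=ops src=192.0.2.20 path=/var/tmp/upload.bin
2024-11-12T10:06:00 event=fgfm_request user=ops src=192.0.2.20 path=/var/tmp/%2e%2e%2f%2e%2e%2fdata%2fconfig.db
2024-11-12T10:07:00 event=fgfm_request user=ops src=192.0.2.20 path=/var/tmp/..%5c..%5cdata
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str):
    """Split '<iso timestamp> k=v k=v ...' into a dict (values contain no spaces here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    rec["ts"] = datetime.fromisoformat(m.group("ts"))
    return rec


def normalize_path(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding) and unify separators,
    so '../', '%2e%2e%2f' and '..\\' all compare equal."""
    decoded = path
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def has_traversal(path: str) -> bool:
    """True if any path segment is exactly '..' after normalisation
    ('..hidden' or 'a..b' segments do not count)."""
    return any(seg == ".." for seg in normalize_path(path).split("/"))


def scan(log_text: str, failed_threshold: int = 3,
         window: timedelta = timedelta(minutes=5)) -> list:
    """Return alerts for (a) FGFM requests preceded by >= failed_threshold failed
    logins from the same source within `window`, and (b) FGFM request paths
    containing a traversal sequence. A successful login does not reset the
    failure count: failures followed by FGFM activity is the indicator itself."""
    alerts = []
    failures = defaultdict(deque)  # src -> timestamps of failed logins
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        src, ts = rec.get("src"), rec["ts"]
        if rec.get("event") == "login_failed":
            failures[src].append(ts)
            continue
        if rec.get("event") != "fgfm_request":
            continue
        q = failures[src]
        while q and ts - q[0] > window:  # expire failures outside the window
            q.popleft()
        if len(q) >= failed_threshold:
            alerts.append({"rule": "failed_auth_then_fgfm", "src": src,
                           "user": rec.get("user"), "ts": ts})
        path = rec.get("path", "")
        if has_traversal(path):
            alerts.append({"rule": "fgfm_path_traversal", "src": src,
                           "user": rec.get("user"), "path": path,
                           "normalized": normalize_path(path), "ts": ts})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

Against the constructed sample this yields four alerts: one correlation alert and three traversal alerts (the plain `../` form, the percent-encoded form and the backslash form). Whichever SIEM you use, the point to carry over is the normalisation step: match on the decoded, separator-unified path rather than on a literal `../` substring.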

🔗 References