{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T04:29:03.613","vulnerabilities":[{"cve":{"id":"CVE-2024-35274","sourceIdentifier":"psirt@fortinet.com","published":"2024-11-12T19:15:09.993","lastModified":"2025-01-17T20:29:43.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests."},{"lang":"es","value":"Una vulnerabilidad de limitación incorrecta de una ruta a un directorio restringido ('Path Traversal') [CWE-22] en Fortinet FortiAnalyzer versiones anteriores a 7.4.2, Fortinet FortiManager versiones anteriores a 7.4.2 y Fortinet FortiAnalyzer-BigData versiones 7.4.0 y anteriores a 7.2.7 permite a un atacante privilegiado con privilegios administrativos de lectura y escritura crear archivos no arbitrarios en un directorio elegido a través de solicitudes CLI manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"7.4.3","matchCriteriaId":"452AE920-49A0-4A7C-840C-4AD5510B7AF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.1","versionEndExcluding":"7.4.1","matchCriteriaId":"35854F9A-432E-4185-A6D2-8C6D59A4CE98"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"7.4.3","matchCriteriaId":"D7F7A7D1-A7E0-429D-B4F8-BD64A6E2497F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-179","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}