Skip to main content

Fortirecorder

10 CVEs product

Monthly

CVE-2025-55717 MEDIUM This Month

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited ...

Fortinet Fortivoice Fortimail Fortirecorder
NVD VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-40588 MEDIUM Monitor

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Forticamera Firmware Fortimail Fortindr +2
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-32756 CRITICAL KEV THREAT CERT-EU Act Now

Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice contain a stack-based buffer overflow enabling unauthenticated remote code execution across multiple Fortinet products.

Buffer Overflow RCE Stack Overflow Fortinet Fortimail +4
NVD
CVSS 3.1
9.8
EPSS
41.6%
CVE-2021-24008 MEDIUM This Month

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimail Fortiddos Fortivoice Fortirecorder +1
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-23439 MEDIUM This Month

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiadc Fortiauthenticator Fortiddos +11
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-48885 CRITICAL Act Now

Privilege escalation via path traversal affects multiple Fortinet appliances - FortiWeb (6.4, 7.0, 7.2, 7.4.0-7.4.4, 7.6.0), FortiVoice (6.0, 6.4.0-6.4.9, 7.0.0-7.0.4), and FortiRecorder (7.0.0-7.0.4, 7.2.0-7.2.1) - where an attacker sends specially crafted packets that break out of a restricted directory to gain elevated privileges. Fortinet PSIRT scores this CVSS 9.1 with no confidentiality impact but high integrity and availability impact, reflecting a management-plane compromise rather than data theft. There is no public exploit identified at time of analysis and EPSS is modest (0.39%, 60th percentile), so exploitation is not yet observed at scale.

Fortinet Path Traversal Fortirecorder Fortivoice Fortiweb
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-56497 MEDIUM This Month

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimail Fortirecorder
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-48884 CRITICAL Emergency

Arbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traversal flaw in the security fabric interface, where a remote authenticated attacker can write arbitrary files and, more severely, a remote unauthenticated attacker can delete arbitrary folders. The flaw carries a CVSS 9.1 (I:H/A:H) and an unusually high EPSS of 39.29% (97th percentile), signaling elevated near-term exploitation likelihood, though no public exploit is identified and it is not yet in CISA KEV. Affected products span multiple FortiOS 6.4-7.6, FortiManager 7.4-7.6, FortiProxy 1.0-7.4, and FortiManager Cloud branches.

Fortinet Path Traversal Fortimanager Fortimanager Cloud Fortiproxy +4
NVD
CVSS 3.1
9.1
EPSS
39.3%
CVE-2024-47566 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortirecorder
NVD
CVSS 3.1
5.1
EPSS
0.4%
CVE-2024-46664 MEDIUM This Month

A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortirecorder
NVD
CVSS 3.1
5.5
EPSS
0.5%
EPSS 0% CVSS 4.0
MEDIUM This Month

A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder 6.4 all versions, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6 may allow an authenticated malicious administrator to obtain user's secrets via CLI commands. Practical exploitability is limited ...

Fortinet Fortivoice Fortimail +1
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM Monitor

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Forticamera Firmware +4
NVD
EPSS 42% CVSS 9.8
CRITICAL KEV THREAT Act Now

Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice contain a stack-based buffer overflow enabling unauthenticated remote code execution across multiple Fortinet products.

Buffer Overflow RCE Stack Overflow +6
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimail Fortiddos +3
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortiadc +13
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Privilege escalation via path traversal affects multiple Fortinet appliances - FortiWeb (6.4, 7.0, 7.2, 7.4.0-7.4.4, 7.6.0), FortiVoice (6.0, 6.4.0-6.4.9, 7.0.0-7.0.4), and FortiRecorder (7.0.0-7.0.4, 7.2.0-7.2.1) - where an attacker sends specially crafted packets that break out of a restricted directory to gain elevated privileges. Fortinet PSIRT scores this CVSS 9.1 with no confidentiality impact but high integrity and availability impact, reflecting a management-plane compromise rather than data theft. There is no public exploit identified at time of analysis and EPSS is modest (0.39%, 60th percentile), so exploitation is not yet observed at scale.

Fortinet Path Traversal Fortirecorder +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimail +1
NVD
EPSS 39% CVSS 9.1
CRITICAL Emergency

Arbitrary file write and folder deletion in Fortinet FortiManager, FortiOS, and FortiProxy is possible via a path traversal flaw in the security fabric interface, where a remote authenticated attacker can write arbitrary files and, more severely, a remote unauthenticated attacker can delete arbitrary folders. The flaw carries a CVSS 9.1 (I:H/A:H) and an unusually high EPSS of 39.29% (97th percentile), signaling elevated near-term exploitation likelihood, though no public exploit is identified and it is not yet in CISA KEV. Affected products span multiple FortiOS 6.4-7.6, FortiManager 7.4-7.6, FortiProxy 1.0-7.4, and FortiManager Cloud branches.

Fortinet Path Traversal Fortimanager +6
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortirecorder
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortirecorder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy