What is CVE-2024-40588?

CVE-2024-40588 is a medium-severity vulnerability in Fortinet Forticamera, classified under Relative Path Traversal. CVSS score: 4.2/10. Published 2025-08-12.

How severe is CVE-2024-40588?

Medium severity. CVSS v3 base score is 4.2 out of 10.

Path Traversal in Fortinet Forticamera

CVE-2024-40588

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0…

EPSS: 0.000 (12.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C.

Affected products

Fortinet Forticamera — versions 2.1.0, 2.0.0, 1.1.0
Fortinet Fortimail — versions 7.6.0, 7.4.0, 7.2.0
Fortinet Fortindr — versions 7.6.0, 7.4.0, 7.2.0
Fortinet Fortirecorder — versions 7.2.0, 7.0.0, 6.4.0
Fortinet Fortivoice — versions 7.0.0, 6.4.0, 6.0.0

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-309

Frequently asked questions

What is CVE-2024-40588?: CVE-2024-40588 is a medium-severity vulnerability in Fortinet Forticamera, classified under Relative Path Traversal. CVSS score: 4.2/10. Published 2025-08-12.
How severe is CVE-2024-40588?: Medium severity. CVSS v3 base score is 4.2 out of 10.