CVE-2024-21760 — Code Injection in Fortinet Fortisoar
Severity
8.4 HIGH (NVD)
EPSS
0.2%
top 53.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 18
Description
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.7 | Impact: 6.0
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-fxh3-9v44-3m3r: An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7... (2025-03-18)
CVEList
CVE-2024-21760: An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7... (2025-03-18)
Vendor Advisories (1)
Fortinet
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4... (2025-03-18)