CVE-2024-40584

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 77.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer BIG Data Fortinet Fortianalyzer Cloud +2 more

Timeline

PublishedFeb 11

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiAnalyzer BigData version 7.4.0, 7.2.0 through 7.2.7, 7.0.1 through 7.0.6, 6.4.5 thr…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages7 packages

▶NVDfortinet/fortianalyzer_cloud6.4.1 — 7.2.6+1

▶NVDfortinet/fortimanager_cloud7.2.1 — 7.2.6+2

▶NVDfortinet/fortianalyzer_big_data6.2.1 — 7.2.8+1

▶NVDfortinet/fortianalyzer6.2.2 — 7.2.6+1

▶CVEListV5fortinet/fortianalyzer7.4.0 — 7.4.3+4

🔴Vulnerability Details

CVEList

CVE-2024-40584: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version↗2025-02-11

▶

GHSA

GHSA-x763-rwjp-4g28: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version↗2025-02-11

▶

📋Vendor Advisories

Fortinet

OS command injection in external connector↗2025-02-11

▶