CVE-2024-40587
published 2025-01-14CVE-2024-40587: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortivoice | — | — |
| fortinet | fortivoice | >= 6.0.0 < 6.4.10 | 6.4.10 |
| fortinet | fortivoice | 6.0.0 – 6.0.12 | — |
| fortinet | fortivoice | 6.4.0 – 6.4.9 | — |
| fortinet | fortivoice | >= 7.0.0 < 7.0.5 | 7.0.5 |
| fortinet | fortivoice | 7.0.0 – 7.0.4 | — |