CVE-2024-50567OS Command Injection in Fortinet Fortiweb

CWE-78OS Command Injection4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 63.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedFeb 11

Description

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb7.0.07.4.6+1
CVEListV5fortinet/fortiweb7.4.07.4.5+1

🔴Vulnerability Details

2
GHSA
GHSA-g5rj-645r-67rh: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 72025-02-11
CVEList
CVE-2024-50567: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 72025-02-11

📋Vendor Advisories

1
Fortinet
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0...2025-02-11