CVE-2024-54024 — OS Command Injection in Fortinet Fortiisolator
Severity
7.2HIGHNVD
EPSS
0.9%
top 24.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 8
Description
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
2CVEList▶
CVE-2024-54024: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before↗2025-04-08
GHSA▶
GHSA-83g9-r3gv-pq9c: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before↗2025-04-08
📋Vendor Advisories
1Fortinet▶
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in...↗2025-04-08