CVE-2024-55594Improper Handling of Syntactically Invalid Structure in Fortinet Fortiweb

CWE-228Improper Handling of Syntactically Invalid Structure4 documents4 sources
Severity
9.8CRITICALNVD
CNA5.6
EPSS
0.1%
top 66.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedMar 14

Description

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiweb7.0.07.4.7
CVEListV5fortinet/fortiweb7.4.07.4.6+2

🔴Vulnerability Details

2
CVEList
CVE-2024-55594: An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 72025-03-14
GHSA
GHSA-x5rc-p5hc-wc9m: An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 72025-03-14

📋Vendor Advisories

1
Fortinet
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7...2025-03-11
CVE-2024-55594 — Fortinet Fortiweb vulnerability | cvebase