Code Injection Vulnerability in FortiSOAR by Fortinet
CVE-2024-21760

7.7HIGH

Key Information:

Vendor: Fortinet
Status: Fortisoar
Vendor: CVE Published:; 18 March 2025

Summary

An improper control of code generation vulnerability exists in FortiSOAR Connector that allows an authenticated attacker to execute arbitrary code via manipulated playbook code snippets. This could potentially compromise the host system where FortiSOAR is deployed, highlighting the importance of applying timely updates and securing configurations to mitigate such risks.

Affected Version(s)

FortiSOAR 7.4.0 <= 7.4.5

FortiSOAR 7.3.0 <= 7.3.3

FortiSOAR 7.2.0 <= 7.2.2

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-420

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 18, 2025
Vulnerability Reserved
Jan 2, 2024