UnAuthenticated Command Injection Vulnerability in FortiClientEMS

CVE-2024-33508

7.3HIGH

Key Information

Vendor
Fortinet
Status
Forticlientems
Vendor
CVE Published:
10 September 2024

Summary

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

Affected Version(s)

FortiClientEMS <= 7.2.4

FortiClientEMS <= 7.0.12

Refferences

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.