UnAuthenticated Command Injection Vulnerability in FortiClientEMS

CVE-2024-33508

6.9MEDIUM

Key Information

Vendor: Fortinet
Status: Forticlientems
Vendor: CVE Published:; 10 September 2024

Summary

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

Affected Version(s)

FortiClientEMS <= 7.2.4

FortiClientEMS <= 7.0.12

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 10, 2024
Vulnerability Reserved.
Apr 23, 2024

Collectors

NVD DatabaseMitre Database