UnAuthenticated Command Injection Vulnerability in FortiClientEMS
CVE-2024-33508

7.3HIGH

Key Information:

Vendor: Fortinet
Status: Forticlientems
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-33508?

Fortinet FortiClientEMS software, specifically versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.12, is susceptible to a command injection vulnerability. This flaw arises from improper neutralization of special elements during command processing, identified as CWE-77. Exploitation of this vulnerability could enable an unauthenticated attacker to execute unauthorized operations on the underlying database by crafting malicious requests, potentially compromising data integrity and availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiClientEMS 7.2.0 <= 7.2.4

FortiClientEMS 7.0.0 <= 7.0.12

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-123

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Apr 23, 2024

JSON

Fortinet