Improper Neutralization in Fortinet FortiSOAR Product for CSV File Handling
CVE-2024-47572

8HIGH

Key Information:

Vendor

Fortinet
Status
Fortisoar
Vendor
CVE Published:
14 January 2025

What is CVE-2024-47572?

Fortinet FortiSOAR versions 7.2.1 through 7.4.1 contain a vulnerability that allows attackers to inject malicious code through improperly sanitized elements in CSV files. By manipulating the data exchanged in CSV format, an unauthorized actor can execute arbitrary commands, potentially compromising the confidentiality, integrity, and availability of affected systems. This vulnerability underscores the importance of secure coding practices and thorough input validation to mitigate risks associated with file handling.

Affected Version(s)

FortiSOAR 7.4.0 <= 7.4.1

FortiSOAR 7.3.0 <= 7.3.2

FortiSOAR 7.2.1 <= 7.2.2

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-210

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.
CVE-2024-47572 : Improper Neutralization in Fortinet FortiSOAR Product for CSV File Handling