Improper Neutralization in Fortinet FortiSOAR Product for CSV File Handling
CVE-2024-47572

8.3HIGH

Key Information:

Vendor: Fortinet
Status: Fortisoar
Vendor: CVE Published:; 14 January 2025

Summary

Fortinet FortiSOAR versions 7.2.1 through 7.4.1 contain a vulnerability that allows attackers to inject malicious code through improperly sanitized elements in CSV files. By manipulating the data exchanged in CSV format, an unauthorized actor can execute arbitrary commands, potentially compromising the confidentiality, integrity, and availability of affected systems. This vulnerability underscores the importance of secure coding practices and thorough input validation to mitigate risks associated with file handling.

Affected Version(s)

FortiSOAR 7.4.0 <= 7.4.1

FortiSOAR 7.3.0 <= 7.3.2

FortiSOAR 7.2.1 <= 7.2.2

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-210

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 14, 2025