OS Command Injection Vulnerability in Fortinet's FortiSOAR Affects Multiple Versions
CVE-2024-48891
6.6MEDIUM
What is CVE-2024-48891?
An OS Command Injection vulnerability exists in FortiSOAR that allows an attacker with low-privileged shell access to escalate privileges by executing crafted commands. This security flaw affects various versions of FortiSOAR and could pose significant risks if exploited. For more details, refer to the official Fortinet advisory.
Affected Version(s)
FortiSOAR on-premise 7.6.0
FortiSOAR on-premise 7.5.0 <= 7.5.1
FortiSOAR on-premise 7.4.0 <= 7.4.5
References
CVSS V3.1
Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved