OS Command Injection Vulnerability in Fortinet FortiIsolator
CVE-2024-54024

7HIGH

Key Information:

Vendor: Fortinet
Status: Fortiisolator
Vendor: CVE Published:; 8 April 2025

Summary

Fortinet FortiIsolator versions prior to 2.4.6 are susceptible to an OS Command Injection vulnerability, allowing attackers with privileged super-admin profiles and CLI access to execute unauthorized commands through specially crafted HTTP requests. This flaw poses significant risks as it grants potential access to critical system functionalities, compromising both integrity and security.

Affected Version(s)

FortiIsolator 2.4.3 <= 2.4.6

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-397

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Nov 27, 2024