OS Command Injection Vulnerability in Fortinet FortiIsolator
CVE-2024-55590

8.6HIGH

Key Information:

Vendor: Fortinet
Status: Fortiisolator
Vendor: CVE Published:; 11 March 2025

Summary

Fortinet FortiIsolator versions 2.4.0 to 2.4.5 exhibit vulnerabilities due to improper neutralization of special elements, enabling an authenticated attacker with read-only admin access and CLI permissions to execute unauthorized commands. Attackers can exploit these flaws by crafting specific CLI commands, potentially leading to unauthorized code execution within the system.

Affected Version(s)

FortiIsolator 2.4.0 <= 2.4.5

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-178

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Dec 9, 2024