Lucene search
FortinetCVELIST:CVE-2024-27785HistoryJul 09, 2024 - 3:33 p.m.
CVE-2024-27785
2024-07-0915:33:27
CWE-1236
fortinet
www.cve.org
2
vulnerability
fortiaiops
csv file
cwe-1236
remote attacker
arbitrary commands
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L/E:P/RL:U/RC:C
EPSS
0
Percentile
14.1%
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client’s workstation via poisoned CSV reports.
CNA Affected
[
{
"vendor": "Fortinet",
"product": "FortiAIOps",
"defaultStatus": "unaffected",
"versions": [
{
"version": "2.0.0",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2024-27785
2024-07-09 16:15:05
cve
cve
CVE-2024-27785
2024-07-09 16:15:05
vulnrichment
vulnrichment
CVE-2024-27785
2024-07-09 15:33:27
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L/E:P/RL:U/RC:C
EPSS
0
Percentile
14.1%
Related for CVELIST:CVE-2024-27785