Lucene search

FortinetCVELIST:CVE-2024-33508

HistorySep 10, 2024 - 2:37 p.m.

CVE-2024-33508

2024-09-1014:37:45

CWE-77

fortinet

www.cve.org

forticlientems

command injection

cwe-77

database

vulnerability

fortinet

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RC:C

EPSS

0.001

Percentile

16.7%

JSON

An improper neutralization of special elements used in a command (‘Command Injection’) vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiClientEMS",
    "cpes": [],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.12",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.fortinet.com/psirt/FG-IR-24-123

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RC:C

EPSS

0.001

Percentile

16.7%

JSON

Related for CVELIST:CVE-2024-33508