CVE-2024-21760

Summary

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSOAR7.4.0 <= 7.4.5affected
FortinetFortiSOAR7.3.0 <= 7.3.3affected
FortinetFortiSOAR7.2.0 <= 7.2.2affected
FortinetFortiSOAR7.0.0 <= 7.0.3affected
FortinetFortiSOAR6.4.3 <= 6.4.4affected
FortinetFortiSOAR6.4.0 <= 6.4.1affected

Weaknesses

  • CWE-94: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References