CVE-2024-33508

Summary

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiClientEMS7.2.0 <= 7.2.4affected
FortinetFortiClientEMS7.0.0 <= 7.0.12affected

Weaknesses

  • CWE-77: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References