CVE-2024-55594

Summary

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.4.0 <= 7.4.6affected
FortinetFortiWeb7.2.0 <= 7.2.10affected
FortinetFortiWeb7.0.0 <= 7.0.10affected

Weaknesses

  • CWE-228: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References