CVE-2024-56497

Summary

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiMail7.2.0 <= 7.2.4affected
FortinetFortiMail7.0.0 <= 7.0.6affected
FortinetFortiMail6.4.0 <= 6.4.7affected
FortinetFortiRecorder7.0.0affected
FortinetFortiRecorder6.4.0 <= 6.4.4affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References