CVE Daily

CVE-2024-32123

Multiple improper neutralization of special elements used in an os command ('os ...

Medium CVSS 6.7

Overview

Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2
7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests.

CWE: CWE-78 Published: 2025-03-11T15:15:41.353
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.7 (MEDIUM)
  • Detected tags: command_injection (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags