PT-2024-9818 · Fortinet · Forticlientems

Published: 2024-09-10 · Updated: 2024-09-20 · CVE-2024-33508

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions:
Fortinet FortiClientEMS versions 7.0.0 through 7.0.12
Fortinet FortiClientEMS versions 7.2.0 through 7.2.4

Description: The issue is related to an improper neutralization of special elements used in a command, also known as a 'Command Injection' vulnerability. This may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

Recommendations: For Fortinet FortiClientEMS versions 7.0.0 through 7.0.12 and versions 7.2.0 through 7.2.4, update to a version that addresses the Command Injection vulnerability. As a temporary workaround, consider restricting access to the underlying database to minimize the risk of exploitation.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-11594
CVE-2024-33508

Affected Products

Forticlientems