CVE-2024-55590

Name of the Vulnerable Software and Affected Versions: Fortinet FortiIsolator versions 2.4.0 through 2.4.5

Description: The issue is related to multiple improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.

Recommendations: For Fortinet FortiIsolator versions 2.4.0 through 2.4.5, consider disabling CLI access for users with read-only admin permission until a patch is available. Restrict access to specifically crafted CLI commands to minimize the risk of exploitation. As a temporary workaround, limit the use of CLI commands that may be used to execute unauthorized code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.