CVE-2024-54024

Name of the Vulnerable Software and Affected Versions: Fortinet FortiIsolator versions prior to 2.4.6

Description: The issue is related to an improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This allows a privileged attacker with a super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests.

Recommendations: For versions prior to 2.4.6, update to version 2.4.6 or later to resolve the issue. As a temporary workaround, consider restricting CLI access and limiting the privileges of super-admin profiles until a patch is applied. Avoid using specifically crafted HTTP requests that could exploit the OS Command Injection vulnerability until the issue is resolved.