CVE-2024-56497

Name of the Vulnerable Software and Affected Versions FortiMail versions 6.4.0 through 6.4.7 FortiMail versions 7.0.0 through 7.0.6 FortiMail versions 7.2.0 through 7.2.4 FortiRecorder versions 6.4.0 through 6.4.4 FortiRecorder version 7.0.0

Description An improper neutralization of special elements used in an os command allows an attacker to execute unauthorized code or commands via the CLI. This issue is related to 'os command injection' and can be exploited by an attacker to run non-authorized commands or code.

Recommendations For FortiMail versions 6.4.0 through 6.4.7, update to a version that includes the fix for this issue. For FortiMail versions 7.0.0 through 7.0.6, update to a version that includes the fix for this issue. For FortiMail versions 7.2.0 through 7.2.4, update to a version that includes the fix for this issue. For FortiRecorder versions 6.4.0 through 6.4.4, update to a version that includes the fix for this issue. For FortiRecorder version 7.0.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.