PT-2025-41944 · Fortinet · Fortisoar

Published: 2025-10-14 · Updated: 2025-10-14

CVE-2024-48891

CVSS v3.1: 7.0
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiSOAR versions 7.3.x
FortiSOAR versions 7.4.x
FortiSOAR versions 7.5.0 through 7.5.1
FortiSOAR versions 7.6.0 through 7.6.1

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') issue [CWE-78] exists. This allows an attacker with existing low-privileged, non-login shell access to perform a local privilege escalation via crafted commands. The vulnerability affects systems where an attacker has already obtained a limited level of access.

Recommendations

Update FortiSOAR versions prior to 7.3.x.
Update FortiSOAR versions prior to 7.4.x.
Update FortiSOAR versions prior to 7.5.0.
Update FortiSOAR versions prior to 7.6.0.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-48891

Affected Products: Fortisoar