PT-2025-41944 · Fortinet · Fortisoar
Published: 2025-10-14 · Updated: 2025-11-10 · CVE-2024-48891
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FortiSOAR versions 7.3.x
FortiSOAR versions 7.4.x
FortiSOAR versions 7.5.0 through 7.5.1
FortiSOAR versions 7.6.0 through 7.6.1
Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') issue [CWE-78] exists in FortiSOAR. It allows an attacker who already has low-privileged, non-login shell access to perform a local privilege escalation via crafted commands. Exploitation therefore requires that the attacker has already obtained a limited level of access to the system.
Recommendations
Update FortiSOAR versions prior to 7.3.x.
Update FortiSOAR versions prior to 7.4.x.
Update FortiSOAR versions prior to 7.5.0.
Update FortiSOAR versions prior to 7.6.0.
Fix · LPE · OS Command Injection
Affected Products
Fortisoar