CVE-2024-56497

Published Jan 14, 2025

Last updated 24 days ago

CVSS medium 6.7

Overview

Description: An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.
Source: psirt@fortinet.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

psirt@fortinet.com: CWE-78

Hype score: Not currently trending

CVE-2024-56497 An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0… https://t.co/mGovWx0AHb
@CVEnew
14 Jan 2025
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "759248EA-4A1C-4E68-BDA0-81A6D30375E5",
            "versionEndExcluding": "6.4.8",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "997C1A09-3ED3-4C44-B7CC-9C7A895F2417",
            "versionEndExcluding": "7.0.7",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F49F4784-29AE-4B26-8805-D1B34AF9E99F",
            "versionEndExcluding": "7.2.5",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2D6C54F-3BB4-49AB-97F4-DFF8E6AB51F6",
            "versionEndExcluding": "6.4.5",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9A223FA-0051-4A86-8864-3B747DE1CAC3",
            "versionEndExcluding": "7.0.2",
            "versionStartIncluding": "7.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References