CVE-2024-50567: OS Command Injection
First published: Tue Feb 11 2025(Updated: )
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=7.4.0<=7.6.0 |
Remedy
Please upgrade to FortiWeb version 7.6.1 or above Please upgrade to FortiWeb version 7.4.6 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-50567?
CVE-2024-50567 is rated as a critical severity vulnerability due to its potential for unauthorized code execution.
How do I fix CVE-2024-50567?
To fix CVE-2024-50567, upgrade Fortinet FortiWeb to version 7.6.1 or later to patch the vulnerability.
Which versions of Fortinet FortiWeb are affected by CVE-2024-50567?
CVE-2024-50567 affects Fortinet FortiWeb versions 7.4.0 to 7.6.0 inclusively.
What kind of attack does CVE-2024-50567 enable?
CVE-2024-50567 enables an attacker to perform OS command injection, allowing execution of unauthorized commands.
Is there a workaround for CVE-2024-50567?
There are no known effective workarounds for CVE-2024-50567, so upgrading to a secure version is recommended.
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortiweb