CVE-2024-50569: OS Command Injection
First published: Tue Feb 11 2025(Updated: )
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | >=7.0.0<=7.6.0 |
Remedy
Please upgrade to FortiWeb version 7.6.1 or above Please upgrade to FortiWeb version 7.4.6 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-50569?
CVE-2024-50569 is rated as critical due to its potential for unauthorized code execution.
How do I fix CVE-2024-50569?
To fix CVE-2024-50569, upgrade Fortinet FortiWeb to version 7.6.1 or later.
What are the affected versions in CVE-2024-50569?
CVE-2024-50569 affects Fortinet FortiWeb versions 7.0.0 through 7.6.0.
What types of attacks can CVE-2024-50569 exploit?
CVE-2024-50569 can be exploited for OS command injection, allowing attackers to execute unauthorized commands.
Is there any workaround for CVE-2024-50569?
There are no recommended workarounds for CVE-2024-50569; updating the software is the only secure solution.
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortiweb