First published: Fri Mar 14 2025
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via crafted HTTP/S requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiWeb | >=7.4.0 <=7.4.6, >=7.2.0 <=7.2.10, >=7.0.0 <=7.0.10 | Please upgrade to FortiWeb version 7.6.0 or above. Please upgrade to FortiWeb version 7.4.7 or above. |
CVE-2024-55594 affects Fortinet FortiWeb versions 7.4.0 to 7.4.6, 7.2.0 to 7.2.10, and 7.0.0 to 7.0.10.
CVE-2024-55594 has a high severity rating due to its potential to allow unauthorized code execution.
To mitigate CVE-2024-55594, users should update Fortinet FortiWeb to the latest unaffected version.
CVE-2024-55594 can be exploited through crafted HTTP/S requests that trigger improper handling of invalid structures.
Currently, there are no recommended workarounds for CVE-2024-55594, so updating to a patched version is strongly advised.