ГлавнаяУязвимости → CVE-2024-33508
7.3высокая

CVE-2024-33508

→ есть в БДУ: BDU:2024-11594 (на русском)
Описание (на английском; русское — в БДУ выше)

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

Затрагиваемое ПО
Fortinet Forticlient enterprise management server
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://fortiguard.fortinet.com/psirt/FG-IR-24-123