Cyber Resilience

CVE-2024-26012

Severity: Medium
Published: 14 January 2025
Modified: 31 January 2025
CVSS Score v3.1: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (26.5th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-26012 is a medium-severity OS Command Injection (CWE-78) vulnerability in Fortinet FortiAP. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008). Its EPSS score places it at the 26.5th percentile of exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-26012 is an OS command injection vulnerability (CWE-78) due to improper neutralization of special elements used in an OS command. It affects Fortinet FortiAP-S all 6.2 versions and 6.4.0 through 6.4.9; FortiAP-W2 all 6.4 versions, all 7.0 versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2; and FortiAP all 6.4 versions, all 7.0 versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2. The issue enables a local authenticated attacker to execute unauthorized code via the CLI. It carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), rated as medium severity.

An attacker requires local access and high-privilege authentication (PR:H) to exploit the vulnerability with low complexity (AC:L) and no user interaction. Successful exploitation allows execution of arbitrary OS commands, resulting in high impacts to confidentiality, integrity, and availability, potentially leading to full compromise of the affected FortiAP device.

Mitigation details are available in the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-23-405. Security practitioners should consult this reference for patching instructions and workarounds specific to the affected versions.

Vulnerability details

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiAP-S 6.2 all versions, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allows a local authenticated attacker to execute unauthorized code via the CLI.

CWE(s)

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

OS command injection via CLI on network device (FortiAP) directly maps to Network Device CLI execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-50566 (same vendor: Fortinet)
CVE-2024-52961 (same vendor: Fortinet)
CVE-2025-58034 (same vendor: Fortinet)
CVE-2025-53949 (same vendor: Fortinet)
CVE-2025-64155 (same vendor: Fortinet)
CVE-2026-39808 (same vendor: Fortinet)
CVE-2024-48890 (same vendor: Fortinet)
CVE-2024-50567 (same vendor: Fortinet)
CVE-2024-50569 (same vendor: Fortinet)
CVE-2024-55590 (same vendor: Fortinet)

Affected Assets

fortinet / fortiap: 6.4.1 — 7.2.4 · 7.4.0 — 7.4.3
fortinet / fortiap-s: 6.2.0 — 6.4.10
fortinet / fortiap-w2: 6.4.0 — 7.2.4 · 7.4.0 — 7.4.3

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly mitigates OS command injection by requiring validation of CLI inputs to neutralize special elements.

SI-2 Flaw Remediation (prevent): Addresses the specific flaw in the FortiAP CLI by requiring timely remediation through vendor patching.

Privileged access restriction (prevent): Limits exploitation potential by restricting the high-privilege access required for local authenticated CLI attacks.
