Cyber Resilience

CVE-2024-33508

High

Published: 10 September 2024

Modified: 20 September 2024
KEV Added
Patch
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0157 (82.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-33508 is a high-severity Command Injection (CWE-77) vulnerability in Fortinet FortiClient Enterprise Management Server. Its CVSS base score is 7.3 (High).

Operationally, it ranks in the top 18.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fortinet
forticlient enterprise management server
7.0.0 — 7.0.13 · 7.2.0 — 7.2.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References