Cyber Resilience

CVE-2024-47572

Critical

Published: 14 January 2025

Modified: 16 July 2025
KEV added: not listed (see Summary)
Patch: see the Fortinet advisory FG-IR-24-210
CVSS v3.1 score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS score: 0.0076 (73.9th percentile)
Risk priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-47572 is a critical-severity vulnerability in Fortinet FortiSOAR, classified as Improper Neutralization of Formula Elements in a CSV File (CWE-1236). Its CVSS v3.1 base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks in the top 26.1% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-47572 is a vulnerability involving improper neutralization of formula elements in a CSV file within Fortinet FortiSOAR versions 7.2.1 through 7.4.1. The issue, classified as CWE-1236, lets an attacker execute unauthorized code or commands by manipulating a CSV file. Published on 2025-01-14, it carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H): network-reachable, low attack complexity, low privileges required, user interaction required, changed scope, and high confidentiality, integrity, and availability impact, which together make it critical.

An attacker with low privileges can exploit this vulnerability remotely by crafting a malicious CSV file; exploitation requires user interaction, such as a user opening or processing the file within FortiSOAR. On success, the attacker gains high confidentiality, integrity, and availability impact beyond the vulnerable component's own scope, potentially leading to arbitrary code execution and full compromise of the FortiSOAR instance.

The Fortinet advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-210 provides details on mitigation and patches for this vulnerability.

Vulnerability details

An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands by manipulating a CSV file.

CWE(s)

CWE-1236 Improper Neutralization of Formula Elements in a CSV File
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1204.002 Malicious File (Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

CSV formula injection (CWE-1236) directly enables delivery of a malicious file that triggers command execution upon processing/opening.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-21760 · Same product: Fortinet FortiSOAR
CVE-2026-23708 · Same product: Fortinet FortiSOAR
CVE-2026-39815 · Same vendor: Fortinet
CVE-2026-40688 · Same vendor: Fortinet
CVE-2024-55597 · Same vendor: Fortinet
CVE-2024-48890 · Same vendor: Fortinet
CVE-2024-52960 · Same vendor: Fortinet
CVE-2024-36512 · Same vendor: Fortinet
CVE-2024-55590 · Same vendor: Fortinet
CVE-2024-50563 · Same vendor: Fortinet

Affected Assets

Vendor: fortinet
Product: fortisoar
Versions: 7.2.1 — 7.2.2 · 7.3.0 — 7.3.3 · 7.4.0 — 7.4.2

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-10 Information Input Validation (prevent)
Directly addresses improper neutralization of formula elements in CSV files by requiring validation and sanitization of inputs to prevent unauthorized code execution.

SI-2 Flaw Remediation (prevent)
Ensures timely identification, reporting, and remediation of the specific flaw in FortiSOAR's CSV processing through patching as recommended in the vendor advisory.

SI-3 Malicious Code Protection (prevent)
Deploys malicious code protection mechanisms at system entry points to block execution of unauthorized commands injected via manipulated CSV formula elements.
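A defender-side illustration of the SI-10 input-validation control above: an added Python example (not FortiSOAR or Fortinet code) that flags formula-like cells in an inbound CSV and neutralizes them on export, following the OWASP CSV injection guidance. The field names and sample rows are constructed.

```python
"""CWE-1236 defence: flag and neutralize formula elements in CSV cells.
Added example, not FortiSOAR or Fortinet code; the sample rows are constructed.
Cells whose first significant character is =, +, -, or @ (or that start with a
tab or carriage return) are treated as formulas and prefixed with a single
quote so a spreadsheet imports them as text (OWASP CSV injection guidance).
"""
import csv
import io
import re

FORMULA_TRIGGERS = frozenset("=+-@")
PLAIN_NUMBER = re.compile(r"^-?\d+(\.\d+)?$")  # "-5" is a number, not a formula


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than display it."""
    if PLAIN_NUMBER.match(cell):
        return False
    if cell[:1] in ("\t", "\r"):
        return True
    # Strip leading spaces so "  =SUM(...)" is still caught (conservative choice).
    return cell.lstrip()[:1] in FORMULA_TRIGGERS


def neutralize_cell(cell: str) -> str:
    """Prefix a formula-like cell with ' so it is rendered as literal text."""
    return "'" + cell if is_formula_like(cell) else cell


def scan_csv(text: str) -> list:
    """Input validation (SI-10): locate formula-like cells in an inbound CSV.
    Returns 0-based (row, column, cell) tuples for review or rejection."""
    return [(r, c, cell)
            for r, row in enumerate(csv.reader(io.StringIO(text)))
            for c, cell in enumerate(row) if is_formula_like(cell)]


def write_safe_csv(rows: list) -> str:
    """Export rows with every cell neutralized and quoted; the csv module doubles
    embedded double quotes, so a cell cannot break out of its quoting."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(str(cell)) for cell in row])
    return buf.getvalue()


# Constructed sample export: one comment field carries a formula trigger.
SAMPLE_CSV = "alert_id,source,comment\n101,host-a,benign text\n102,host-b,\"=SUM(1,2)\"\n103,host-c,-5\n"
```

Run `scan_csv(SAMPLE_CSV)` to see the flagged cell, and `write_safe_csv(list(csv.reader(io.StringIO(SAMPLE_CSV))))` to see the neutralized export.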
