Cyber Posture

CVE-2024-47572

Severity: Critical
Published: 14 January 2025
Modified: 16 July 2025
CVSS Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0074 (72.9th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-47572 is a critical-severity CSV formula injection vulnerability (CWE-1236, Improper Neutralization of Formula Elements in a CSV File) in Fortinet FortiSOAR. Its CVSS 3.1 base score is 9.0 (Critical).

Operationally, it ranks in the top 27.1% of CVEs by EPSS exploit likelihood (72.9th percentile); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly addresses improper neutralization of formula elements in CSV files by requiring validation and sanitization of exported values, so that a cell cannot be interpreted as a formula when the file is opened in a spreadsheet application.

SI-2 Flaw Remediation (prevent): Ensures timely identification, reporting, and remediation of the specific flaw in FortiSOAR's CSV processing by applying the patch recommended in the vendor advisory.

Malicious code protection (prevent): Deploys malicious code protection mechanisms at system entry points to block execution of unauthorized commands injected via manipulated CSV formula elements.

NVD Description

An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands via a manipulated CSV file.

Deeper analysis

CVE-2024-47572 is a vulnerability involving improper neutralization of formula elements in a CSV file within Fortinet FortiSOAR versions 7.2.1 through 7.4.1. This issue, classified as CWE-1236, enables an attacker to execute unauthorized code or commands by manipulating a CSV file. Published on 2025-01-14, it carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), reflecting its critical severity due to network accessibility, low attack complexity, and high potential impacts. Note that the affected-products list in the Details section extends the 7.4 branch to 7.4.2, one version past the range in the NVD text; confirm the affected and fixed versions against the vendor advisory.

The vector's PR:L and UI:R components match the CWE-1236 pattern: an attacker with low privileges supplies a value that begins with a formula character (such as =, +, - or @), FortiSOAR writes that value into an exported CSV without neutralizing it, and the payload is evaluated when a user opens the file in a spreadsheet application. The changed scope (S:C) reflects that, for this weakness class, the unauthorized code or command runs outside the vulnerable component, in the context of the user who opens the export, with high confidentiality, integrity, and availability impact there.

The Fortinet advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-210 provides details on mitigation and patches for this vulnerability.
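The SI-10 control above and the exploitation path described in this section both come down to one export-side check: any cell value that a spreadsheet would read as a formula must be neutralized before it is written to the CSV. The following Python is an added example written for this page, not FortiSOAR's code or Fortinet's fix; the alert rows, the attacker.example host and the function names are constructed for illustration. It places a naive csv.writer export beside a hardened one that applies the single-quote prefix used for CWE-1236 and quotes every field, then parses both files back to show which cells a spreadsheet would still evaluate.

```python
import csv
import io

# Leading characters that common spreadsheet applications interpret as the
# start of a formula (CWE-1236). Leading whitespace is stripped before the
# check so that a tab or carriage return in front of "=" does not bypass it.
FORMULA_LEADERS = ("=", "+", "-", "@")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would treat this cell text as a formula."""
    text = value.lstrip(" \t\r\n")
    if not text.startswith(FORMULA_LEADERS):
        return False
    try:
        float(text)          # "-3" or "+2.5" is a plain number, not a formula
        return False
    except ValueError:
        return True


def neutralize_cell(value):
    """Return a representation of `value` that a spreadsheet shows as text.

    Numbers pass through unchanged so legitimate negative values stay numeric.
    Strings that look like formulas get a single-quote prefix, which spreadsheet
    applications treat as a "this cell is text" marker. Trade-off: user text that
    genuinely starts with "+" or "-" (a phone number, a diff line) is prefixed too.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def export_csv_vulnerable(rows):
    """Structurally valid CSV (quoting handled by csv.writer) with no formula
    neutralization: the pattern behind CWE-1236."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerows(rows)
    return buf.getvalue()


def export_csv_hardened(rows):
    """Hardened export: neutralizes formula-like cells and quotes every field,
    so embedded commas, quotes and newlines cannot break the row structure."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def parse_rows(csv_text):
    """Parse CSV text back into a list of rows (list of cell strings)."""
    return list(csv.reader(io.StringIO(csv_text)))


def formula_cells(csv_text):
    """Audit an export: return the cells a spreadsheet would evaluate."""
    return [cell for row in parse_rows(csv_text) for cell in row
            if is_formula_like(cell)]


# Constructed sample: an alert export in which the "description" column holds
# attacker-controlled text received from an upstream data source.
SAMPLE_ROWS = [
    ("id", "severity", "description", "score"),
    (101, "high", "Suspicious login from 203.0.113.7", -3),
    (102, "low", '=HYPERLINK("https://attacker.example/","open me")', 5),
    (103, "medium", '\t@SUM(1,2),"injected', 0),
]

if __name__ == "__main__":
    print("vulnerable export evaluates:", formula_cells(export_csv_vulnerable(SAMPLE_ROWS)))
    print("hardened export evaluates:  ", formula_cells(export_csv_hardened(SAMPLE_ROWS)))
    print(export_csv_hardened(SAMPLE_ROWS))
```

Run it directly to print the audited cells for both exports. The number exception in is_formula_like keeps legitimate negative scores numeric; the price is that free text beginning with + or - also gets the prefix, which is the right side of the trade-off for a file analysts open in Excel or LibreOffice. Patching (SI-2) remains the primary fix; this check is the defence-in-depth layer on the export path.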

Details

CWE(s): CWE-1236 Improper Neutralization of Formula Elements in a CSV File

Affected Products: Fortinet FortiSOAR 7.2.1 to 7.2.2, 7.3.0 to 7.3.3, 7.4.0 to 7.4.2

CVEs Like This One

CVE-2026-23708 (same product: Fortinet FortiSOAR)
CVE-2024-21760 (same product: Fortinet FortiSOAR)
CVE-2024-27778 (same vendor: Fortinet)
CVE-2024-48885 (same vendor: Fortinet)
CVE-2024-52960 (same vendor: Fortinet)
CVE-2026-22153 (same vendor: Fortinet)
CVE-2024-45328 (same vendor: Fortinet)
CVE-2024-54018 (same vendor: Fortinet)
CVE-2024-26006 (same vendor: Fortinet)
CVE-2026-24017 (same vendor: Fortinet)

References

Fortinet PSIRT advisory FG-IR-24-210: https://fortiguard.fortinet.com/psirt/FG-IR-24-210