Cyber Resilience

CVE-2024-48890

Medium

Published: 14 January 2025
Modified: 03 February 2025
KEV Added: not listed (see Summary)
Patch: see the Fortinet PSIRT advisory FG-IR-24-415
CVSS v3.1 score: 6.6 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
EPSS score: 0.0045 (64.0th percentile)
Risk priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-48890 is a medium-severity OS Command Injection (CWE-78) vulnerability in the Fortinet FortiSOAR IMAP connector. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks in the top 36.0% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-48890 is an improper neutralization of special elements used in an OS command, classified as an OS Command Injection vulnerability (CWE-78), affecting the FortiSOAR IMAP connector in version 3.5.7 and below. Published on 2025-01-14, it has a CVSS v3.1 base score of 6.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L).

An authenticated attacker with high privileges (PR:H) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By crafting a specific playbook, the attacker may execute unauthorized code or commands, achieving low impacts on confidentiality, integrity, and availability with a changed scope (S:C).

The Fortinet PSIRT advisory provides details on mitigation; see https://fortiguard.fortinet.com/psirt/FG-IR-24-415.

Vulnerability details

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook.

CWE(s)

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1059 Command and Scripting Interpreter (tactic: Execution): adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
- T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

OS command injection (CWE-78) in an authenticated, high-privilege context directly enables arbitrary command execution (T1059); the changed scope (S:C) indicates that the injected commands can affect components beyond the connector itself, which maps to exploitation for privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2024-50566 (same vendor: Fortinet)
- CVE-2024-52961 (same vendor: Fortinet)
- CVE-2025-58034 (same vendor: Fortinet)
- CVE-2025-53949 (same vendor: Fortinet)
- CVE-2025-64155 (same vendor: Fortinet)
- CVE-2026-39808 (same vendor: Fortinet)
- CVE-2024-50567 (same vendor: Fortinet)
- CVE-2024-50569 (same vendor: Fortinet)
- CVE-2024-55590 (same vendor: Fortinet)
- CVE-2024-26012 (same vendor: Fortinet)

Affected Assets

Vendor: Fortinet
Product: FortiSOAR IMAP connector
Versions: ≤ 3.5.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

- SI-10 Information Input Validation (prevent): directly requires validation of information inputs and neutralization of special elements in inputs to the FortiSOAR IMAP connector, preventing OS command injection via crafted playbooks.
- SI-2 Flaw Remediation (prevent): mandates identification, reporting, and correction of the specific OS command injection flaw in FortiSOAR IMAP connector version 3.5.7 and below through timely flaw remediation.
- AC-6 Least Privilege (prevent): enforces least privilege for high-privilege authenticated users, limiting the impact and scope of unauthorized commands executed via the injection vulnerability.
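The CWE-78 pattern described in the analysis above, and the SI-10 input validation control listed under Mitigating Controls, shown side by side as an added illustration. This is hypothetical code written for this page, not FortiSOAR or Fortinet code: the connector action, the `mail-tool` command, the folder parameter and its allowlist are all assumptions, and the playbook inputs are constructed samples. The vulnerable builder splices an untrusted playbook parameter into a shell string; the hardened path validates against an allowlist and passes an argv list so no shell ever parses the value, with `shlex.quote` as a fallback where a shell string is unavoidable.

```python
"""Illustrative CWE-78 pattern and its hardened counterpart.

Hypothetical code written for this page: it is not FortiSOAR or Fortinet code,
and the connector action, command name and parameter names are assumptions.
"""
import re
import shlex
import subprocess
import sys

# Constructed playbook parameters, as a connector action might receive them.
PLAYBOOK_INPUT_BENIGN = "INBOX"
PLAYBOOK_INPUT_HOSTILE = "INBOX; id"  # constructed: folder name carrying a second command

# Characters a POSIX shell interprets instead of passing through literally.
SHELL_METACHARACTERS = set(";|&$`\\\"'(){}<>\n*?~")
# Allowlist for a mailbox folder name (an assumption for this example).
FOLDER_PATTERN = re.compile(r"[A-Za-z0-9._/-]{1,64}")


def build_command_unsafe(folder: str) -> str:
    """Vulnerable pattern: untrusted input spliced into a string a shell would parse.

    If this string were handed to subprocess.run(..., shell=True), the ';' in
    PLAYBOOK_INPUT_HOSTILE would end the intended command and start a second one.
    """
    return f"mail-tool --folder {folder}"


def find_shell_metacharacters(value: str) -> list:
    """Return the shell metacharacters present in a parameter, for logging or alerting."""
    return sorted(ch for ch in set(value) if ch in SHELL_METACHARACTERS)


def is_safe_folder(folder: str) -> bool:
    """SI-10 style check: the whole value must match the allowlist pattern."""
    return FOLDER_PATTERN.fullmatch(folder) is not None


def validate_folder(folder: str) -> str:
    """Reject anything outside the allowlist instead of trying to strip bad characters."""
    if not is_safe_folder(folder):
        raise ValueError(f"rejected folder name {folder!r}")
    return folder


def build_command_safe(folder: str) -> list:
    """Hardened: validate, then build an argv list so no shell parses the value."""
    return ["mail-tool", "--folder", validate_folder(folder)]


def neutralize_for_shell(folder: str) -> str:
    """Second line of defence when a shell string is unavoidable: quote it."""
    return shlex.quote(folder)


def fetch_folder_safe(folder: str) -> str:
    """Run the hardened action end to end.

    The current Python interpreter stands in for 'mail-tool' so the example runs
    offline; the argv shape is exactly what build_command_safe() produces.
    """
    argv = build_command_safe(folder)
    fake_tool = [sys.executable, "-c", "import sys; print('folder=' + sys.argv[-1])"]
    result = subprocess.run(fake_tool + argv[1:], check=True, capture_output=True, text=True)
    return result.stdout.strip()


if __name__ == "__main__":
    print(build_command_unsafe(PLAYBOOK_INPUT_HOSTILE))      # the extra command rides along
    print(find_shell_metacharacters(PLAYBOOK_INPUT_HOSTILE))  # [';']
    print(fetch_folder_safe(PLAYBOOK_INPUT_BENIGN))           # folder=INBOX
    try:
        fetch_folder_safe(PLAYBOOK_INPUT_HOSTILE)
    except ValueError as exc:
        print("blocked:", exc)
```

The allowlist is deliberately strict: rejecting unexpected input is safer than blocklisting metacharacters, since the characters a shell treats specially vary by platform and shell. `find_shell_metacharacters` is there for the operations side, so that rejected playbook parameters can be logged with the characters that triggered the rejection.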

References

- Fortinet PSIRT advisory FG-IR-24-415: https://fortiguard.fortinet.com/psirt/FG-IR-24-415