Cyber Posture

CVE-2024-50567

Severity: High
Type: RCE
Published: 11 February 2025
Modified: 22 July 2025
KEV Added: not listed
Patch: see the Fortinet PSIRT advisory FG-IR-24-438
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.6th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-50567 is a high-severity OS Command Injection (CWE-78) vulnerability in Fortinet FortiWeb. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score ranks it at the 35.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique (T1059.004 Unix Shell). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires information input validation mechanisms at input points to neutralize special elements and prevent OS command injection via crafted input.

SI-2 Flaw Remediation (prevent): Mandates timely identification, reporting, and remediation of flaws like this OS command injection vulnerability through patching affected FortiWeb versions.

Least privilege (prevent): Enforces least privilege to limit the scope and impact of unauthorized command execution even by high-privilege attackers exploiting the vulnerability.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

OS command injection in the public-facing FortiWeb web application directly enables remote arbitrary command execution via crafted input (T1190), with the injected commands running through a Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input.

Deeper analysis

CVE-2024-50567 is an OS command injection vulnerability (CWE-78) in Fortinet FortiWeb versions 7.4.0 through 7.6.0. The flaw arises from improper neutralization of special elements used in an OS command, enabling attackers to execute unauthorized code or commands through crafted input. Published on 2025-02-11, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

An attacker with high privileges can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation allows execution of arbitrary OS commands, resulting in high impacts to confidentiality, integrity, and availability.

Fortinet's PSIRT advisory FG-IR-24-438 at https://fortiguard.fortinet.com/psirt/FG-IR-24-438 provides further details on the vulnerability and mitigation steps.

Details

CWE(s)

CWE-78 (OS Command Injection)

Affected Products

Vendor: fortinet
Product: fortiweb
Versions: 7.6.0; 7.0.0 through 7.4.6

CVEs Like This One

CVE-2025-66178 (same product: Fortinet FortiWeb)
CVE-2024-50569 (same product: Fortinet FortiWeb)
CVE-2025-58034 (same product: Fortinet FortiWeb)
CVE-2025-52970 (same product: Fortinet FortiWeb)
CVE-2025-64447 (same product: Fortinet FortiWeb)
CVE-2025-59719 (same product: Fortinet FortiWeb)
CVE-2024-55594 (same product: Fortinet FortiWeb)
CVE-2026-24017 (same product: Fortinet FortiWeb)
CVE-2024-55597 (same product: Fortinet FortiWeb)
CVE-2026-40688 (same product: Fortinet FortiWeb)
