Cyber Posture

CVE-2024-50569

Severity: Medium · RCE

Published: 11 February 2025
Modified: 22 July 2025
KEV Added: not listed
CVSS Score: 6.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.0th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-50569 is a medium-severity OS Command Injection (CWE-78) vulnerability in Fortinet FortiWeb. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 32.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent (SI-2 Flaw Remediation): Directly remediates the OS command injection flaw in FortiWeb by applying vendor patches, preventing execution of unauthorized commands via crafted input.

prevent (SI-10 Information Input Validation): Enforces validation and sanitization of crafted inputs to the vulnerable component, directly countering improper neutralization of special elements in OS commands.

prevent: Limits the availability and scope of the high-privilege (PR:H) accounts required to exploit the vulnerability, reducing the attack surface and the potential impact of command execution.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection (CWE-78) in a public-facing FortiWeb appliance directly enables remote arbitrary command execution via crafted input (T1190), using the Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted input.

Deeper analysis

CVE-2024-50569 is an OS command injection vulnerability (CWE-78) affecting Fortinet FortiWeb versions 7.0.0 through 7.6.0. The issue arises from improper neutralization of special elements used in an OS command, enabling attackers to execute unauthorized code or commands through crafted input. It received a CVSS v3.1 base score of 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

An attacker with high privileges (PR:H) can exploit this vulnerability over the network (AV:N); exploitation requires high attack complexity (AC:H) but no user interaction (UI:N). Successful exploitation allows execution of arbitrary OS commands, with high impact on confidentiality, integrity, and availability within the unchanged scope (S:U).

The Fortinet advisory FG-IR-24-438 provides details on mitigation: https://fortiguard.fortinet.com/psirt/FG-IR-24-438.

Details

CWE(s): CWE-78 (OS Command Injection)

Affected Products

Fortinet FortiWeb: 7.6.0; 7.0.0 through 7.4.6

CVEs Like This One

CVE-2025-66178 (same product: Fortinet FortiWeb)
CVE-2024-50567 (same product: Fortinet FortiWeb)
CVE-2025-58034 (same product: Fortinet FortiWeb)
CVE-2025-52970 (same product: Fortinet FortiWeb)
CVE-2025-64447 (same product: Fortinet FortiWeb)
CVE-2025-59719 (same product: Fortinet FortiWeb)
CVE-2024-55594 (same product: Fortinet FortiWeb)
CVE-2026-24017 (same product: Fortinet FortiWeb)
CVE-2024-55597 (same product: Fortinet FortiWeb)
CVE-2026-40688 (same product: Fortinet FortiWeb)

References