Cyber Posture

CVE-2024-55590

High · RCE

Published: 11 March 2025

Modified: 23 July 2025
KEV Added: not listed
Patch: see the vendor advisory (FG-IR-24-178)
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0059 (69.2nd percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55590 is a high-severity OS Command Injection (CWE-78) vulnerability in Fortinet FortiIsolator. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 30.8% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 Information Input Validation (prevent): Directly requires information input validation at CLI entry points to neutralize special elements and prevent OS command injection.

SI-2 Flaw Remediation (prevent): Mandates timely identification, reporting, and correction of the specific flaw in CLI command handling that enables OS command injection.

Control ID not captured (prevent): Enforces restrictions on CLI inputs to block malicious payloads containing OS command injection attempts.

MITRE ATT&CK Enterprise Techniques [AI]

T1059.004 Unix Shell (tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

OS command injection via CLI directly enables arbitrary command execution on the Linux-based Fortinet appliance, mapping to Unix Shell.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands.

Deeper analysis [AI]

CVE-2024-55590 covers multiple OS Command Injection (CWE-78) vulnerabilities, that is, improper neutralization of special elements used in an OS command, affecting Fortinet FortiIsolator versions 2.4.0 through 2.4.5. These flaws arise from inadequate handling of special elements within CLI commands, which allows malicious OS commands to be injected.

An authenticated attacker with at least read-only admin permissions and CLI access can exploit these vulnerabilities by submitting specifically crafted CLI commands, resulting in the execution of unauthorized code on the affected system. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects high severity, with network accessibility, low attack complexity, low privileges required, no user interaction, and high impacts on confidentiality, integrity, and availability.

Mitigation details are available in the Fortinet product security incident response advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-178.

Details

CWE(s): CWE-78 (OS Command Injection)

Affected Products

Fortinet FortiIsolator, versions 2.4.0 through 2.4.6

CVEs Like This One

CVE-2024-54018 (same vendor: Fortinet)
CVE-2025-53949 (same vendor: Fortinet)
CVE-2024-33507 (same product: Fortinet FortiIsolator)
CVE-2025-66178 (same vendor: Fortinet)
CVE-2026-25836 (same vendor: Fortinet)
CVE-2024-50569 (same vendor: Fortinet)
CVE-2024-50566 (same vendor: Fortinet)
CVE-2026-39808 (same vendor: Fortinet)
CVE-2025-64155 (same vendor: Fortinet)
CVE-2024-50567 (same vendor: Fortinet)
