cnvd - cnvd-2025-03519

cnvd-2025-03519

Vulnerability from cnvd

Title: Fortinet FortiWeb操作系统命令注入漏洞（CNVD-2025-03519）

Description:

Fortinet FortiWeb是美国飞塔（Fortinet）公司的一款Web应用层防火墙，它能够阻断如跨站点脚本、SQL注入、Cookie中毒、schema中毒等攻击的威胁，保证Web应用程序的安全性并保护敏感的数据库内容。

Fortinet FortiWeb存在操作系统命令注入漏洞，该漏洞源于操作系统命令中使用的特殊元素的不当中和导致操作系统命令注入。攻击者可利用该漏洞导致任意命令执行。

Severity: 高

Patch Name: Fortinet FortiWeb操作系统命令注入漏洞（CNVD-2025-03519）的补丁

Patch Description:

Fortinet FortiWeb存在操作系统命令注入漏洞，该漏洞源于操作系统命令中使用的特殊元素的不当中和导致操作系统命令注入。攻击者可利用该漏洞导致任意命令执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://fortiguard.com/psirt/FG-IR-24-438

Reference: https://fortiguard.fortinet.com/psirt/FG-IR-24-438

Impacted products

Name
Fortinet FortiWeb >=7.4.0，<=7.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-50567",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-50567"
    }
  },
  "description": "Fortinet FortiWeb\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u5c42\u9632\u706b\u5899\uff0c\u5b83\u80fd\u591f\u963b\u65ad\u5982\u8de8\u7ad9\u70b9\u811a\u672c\u3001SQL\u6ce8\u5165\u3001Cookie\u4e2d\u6bd2\u3001schema\u4e2d\u6bd2\u7b49\u653b\u51fb\u7684\u5a01\u80c1\uff0c\u4fdd\u8bc1Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u5e76\u4fdd\u62a4\u654f\u611f\u7684\u6570\u636e\u5e93\u5185\u5bb9\u3002\n\nFortinet FortiWeb\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u4e2d\u4f7f\u7528\u7684\u7279\u6b8a\u5143\u7d20\u7684\u4e0d\u5f53\u4e2d\u548c\u5bfc\u81f4\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-24-438",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-03519",
  "openTime": "2025-02-24",
  "patchDescription": "Fortinet FortiWeb\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u5e94\u7528\u5c42\u9632\u706b\u5899\uff0c\u5b83\u80fd\u591f\u963b\u65ad\u5982\u8de8\u7ad9\u70b9\u811a\u672c\u3001SQL\u6ce8\u5165\u3001Cookie\u4e2d\u6bd2\u3001schema\u4e2d\u6bd2\u7b49\u653b\u51fb\u7684\u5a01\u80c1\uff0c\u4fdd\u8bc1Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u5e76\u4fdd\u62a4\u654f\u611f\u7684\u6570\u636e\u5e93\u5185\u5bb9\u3002\r\n\r\nFortinet FortiWeb\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u4e2d\u4f7f\u7528\u7684\u7279\u6b8a\u5143\u7d20\u7684\u4e0d\u5f53\u4e2d\u548c\u5bfc\u81f4\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiWeb\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2025-03519\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet FortiWeb \u003e=7.4.0\uff0c\u003c=7.6.0"
  },
  "referenceLink": "https://fortiguard.fortinet.com/psirt/FG-IR-24-438",
  "serverity": "\u9ad8",
  "submitTime": "2025-02-17",
  "title": "Fortinet FortiWeb\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2025-03519\uff09"
}

CVE-2024-50567 (GCVE-0-2024-50567)

Vulnerability from cvelistv5

Published

2025-02-11 16:09

Modified

2025-02-14 04:55

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C

CWE

CWE-78 - Execute unauthorized code or commands

Summary

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.

References

▼	URL	Tags
	https://fortiguard.fortinet.com/psirt/FG-IR-24-438

Impacted products

	Vendor	Product	Version
	Fortinet	FortiWeb	Version: 7.6.0 Version: 7.4.0 ≤ 7.4.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50567",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T04:55:16.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiWeb",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T16:09:04.155Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-438",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-438"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-50567",
    "datePublished": "2025-02-11T16:09:04.155Z",
    "dateReserved": "2024-10-24T11:52:14.401Z",
    "dateUpdated": "2025-02-14T04:55:16.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted