Vulnerability Details CVE-2024-33508
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4 and 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.073
EPSS Ranking 91.2%
CVSS Severity
CVSS v3 Score 7.3
Products affected by CVE-2024-33508
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.0
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.1
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.10
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.11
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.12
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.2
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.3
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.4
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.6
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.7
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.8
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.0.9
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.0
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.1
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.2
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.3
- cpe:2.3:a:fortinet:forticlient_enterprise_management_server:7.2.4