Cyber Posture

CVE-2024-48890

Medium

Published: 14 January 2025
Modified: 03 February 2025
KEV Added:
Patch:
CVSS Score: 6.6 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
EPSS Score: 0.0034 (56.8th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook.

Security Summary

CVE-2024-48890 is an improper neutralization of special elements used in an OS command, classified as an OS Command Injection vulnerability (CWE-78), affecting the FortiSOAR IMAP connector in version 3.5.7 and below. Published on 2025-01-14, it has a CVSS v3.1 base score of 6.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L).

An authenticated attacker with high privileges (PR:H) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). By crafting a specific playbook, the attacker may execute unauthorized code or commands, with low impact on confidentiality, integrity, and availability, but with a changed scope (S:C), meaning the effect can extend beyond the IMAP connector's own security boundary.

The Fortinet PSIRT advisory provides details on mitigation; see https://fortiguard.fortinet.com/psirt/FG-IR-24-415.

Details

CWE(s)
CWE-78

Affected Products

Vendor: Fortinet
Product: FortiSOAR IMAP connector
Versions: ≤ 3.5.8

References