CVE-2024-54024: High Vulnerability in Fortinet FortiIsolator

A high-severity OS command injection vulnerability has been identified in Fortinet FortiIsolator versions prior to 2.4.6. Attackers with super-admin access can execute unauthorized commands, posing significant risks to affected systems. Immediate patching is essential to mitigate potential exploits.

HIGH · CVSS 7.2 · Published April 8, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] has been identified in Fortinet FortiIsolator before version 2.4.6. This vulnerability allows a privileged attacker with a super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests. With a CVSS score of 7.2, this vulnerability is classified as high severity, indicating a serious risk to users of affected products.

The exploitation of this vulnerability could lead to significant unauthorized actions within the affected system, as it allows attackers to execute commands that could compromise the integrity and availability of the system. Organizations using FortiIsolator must take this risk seriously and prioritize remediation efforts.

Given the nature of this vulnerability and the access required for exploitation, organizations should assess their Fortinet installations and ensure they are updated to the latest version to prevent potential exploits. The urgency for defenders is high, and patching should be prioritized immediately.

For more information on this vulnerability, including patch details, organizations can refer to the vendor advisory.

The vulnerability was published on April 8, 2025, and has been categorized under CWE-78, indicating its nature as an OS command injection.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
