Metrics
Affected Vendors & Products
Configuration 1 [-]
|
No data.
No data.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-53173 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI. |
Solution
Please upgrade to FortiMail version 7.4.0 or above Please upgrade to FortiMail version 7.2.5 or above Please upgrade to FortiMail version 7.0.7 or above Please upgrade to FortiMail version 6.4.8 or above Please upgrade to FortiRecorder version 7.2.0 or above Please upgrade to FortiRecorder version 7.0.2 or above Please upgrade to FortiRecorder version 6.4.5 or above
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-23-170 |
|
Mon, 03 Feb 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:* |
Tue, 14 Jan 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jan 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI. | |
| First Time appeared |
Fortinet
Fortinet fortimail Fortinet fortirecorder |
|
| Weaknesses | CWE-78 | |
| CPEs | cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Fortinet
Fortinet fortimail Fortinet fortirecorder |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published:
Updated: 2025-01-14T20:55:21.625Z
Reserved: 2024-12-26T15:39:07.871Z
Link: CVE-2024-56497
Vulnrichment
Updated: 2025-01-14T15:16:40.400Z
NVD
Status : Analyzed
Published: 2025-01-14T14:15:34.760
Modified: 2025-02-03T20:49:01.510
Link: CVE-2024-56497
Redhat
No data.
OpenCVE Enrichment
No data.