FortiDDoS Vulnerability Lets Hackers Execute Unauthorized OS Commands
gbhackersFortinet has disclosed a significant OS command injection vulnerability in its FortiDDoS-F appliances that could allow privileged attackers to execute unauthorized code or commands through the command-line interface (CLI).
The security flaw, identified as CVE-2024-45325, affects multiple versions of the FortiDDoS-F product line and carries a CVSS 3.1 score of 6.5, indicating medium severity.
Vulnerability Details
The vulnerability stems from improper neutralization of special elements used in OS commands, classified under Common Weakness Enumeration (CWE-78).
This OS command injection flaw specifically targets the FortiDDoS-F CLI, enabling malicious actors with privileged access to craft specialized CLI requests that bypass security controls.
The exploit could potentially compromise the integrity and confidentiality of affected systems, as reflected in the vulnerability’s high impact ratings for confidentiality, integrity, and availability.
| Field | Details |
| CVE ID | CVE-2024-45325 |
| Vulnerability Type | OS command injection in CLI (CWE-78) |
| Summary | Improper neutralization of special elements in OS commands ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE