
CVE-2024-21760: An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all...

7.7 CVSS

Description

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.

Classification

CVE ID: CVE-2024-21760

CVSS Base Severity: HIGH

CVSS Base Score: 7.7

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:X/RC:X

Problem Types

Execute unauthorized code or commands

Affected Products

Vendor: Fortinet

Product: FortiSOAR

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.18% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-16 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-21760
https://fortiguard.fortinet.com/psirt/FG-IR-23-420
