Wiz
Base de datos de vulnerabilidadesCVE-2024-33508

CVE-2024-33508
FortiClient EMS Análisis y mitigación de vulnerabilidades

Vista general

An improper neutralization of special elements used in a command (Command Injection) vulnerability was discovered in Fortinet FortiClientEMS affecting versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.12. The vulnerability was assigned CVE-2024-33508 and was disclosed on September 10, 2024. This security flaw impacts the DAS component of FortiClientEMS, including both standard and cloud deployments (Fortinet Advisory).

Técnicas

The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command) with a CVSS v3.1 base score of 7.3 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U) with low impacts on confidentiality (C:L), integrity (I:L), and availability (A:L) (NVD).

Impacto

The vulnerability allows an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted requests. The impact is rated as low across confidentiality, integrity, and availability aspects of the system (Fortinet Advisory).

Mitigación y soluciones alternativas

Fortinet has released patches to address this vulnerability. Users of FortiClientEMS 7.2.x should upgrade to version 7.2.5 or above, while users of version 7.0.x should upgrade to 7.0.13 or above. For FortiSASE customers, Fortinet has remediated this issue in version 24.2.c with no action required from customers (Fortinet Advisory).

Reacciones de la comunidad

The vulnerability was responsibly disclosed by ANSSI to Fortinet, demonstrating effective coordination between security researchers and vendors (Fortinet Advisory).

Recursos adicionales

FuenteEste informe se generó utilizando IA

Relacionado FortiClient EMS Vulnerabilidades:

CVE ID

Severidad

Puntuación

Tecnologías

Nombre del componente

Exploit de CISA KEV

Tiene arreglo

Fecha de publicación

CVE-2026-35616CRITICAL9.8
  • FortiClient EMSFortiClient EMS
  • cpe:2.3:a:fortinet:forticlient_enterprise_management_server
Apr 04, 2026
CVE-2026-21643CRITICAL9.8
  • FortiClient EMSFortiClient EMS
  • cpe:2.3:a:fortinet:forticlient_endpoint_management_server
Feb 06, 2026
CVE-2023-48788CRITICAL9.8
  • FortiClient EMSFortiClient EMS
  • cpe:2.3:a:fortinet:forticlient_endpoint_management_server
Mar 12, 2024
CVE-2024-33508HIGH7.3
  • FortiClient EMSFortiClient EMS
  • cpe:2.3:a:fortinet:forticlient_enterprise_management_server
NoSep 10, 2024
CVE-2024-21753MEDIUM6
  • FortiClient EMSFortiClient EMS
  • cpe:2.3:a:fortinet:forticlient_endpoint_management_server
NoSep 10, 2024

Evaluación gratuita de vulnerabilidades

Compare su postura de seguridad en la nube

Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.

Solicitar evaluación

Recursos adicionales de Wiz

Obtén una demostración personalizada

¿Listo para ver a Wiz en acción?

"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
David EstlickCISO
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
Adam FletcherJefe de Seguridad
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."
Greg PoniatowskiJefe de Gestión de Amenazas y Vulnerabilidades
Solicita una demo