Products
FortiAIOps
- 2.0.0
Source
psirt@fortinet.com
Tags
CVE-2024-27785 details
Published : July 9, 2024, 4:15 p.m.
Last Modified : July 9, 2024, 6:18 p.m.
Last Modified : July 9, 2024, 6:18 p.m.
Description
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
CVSS Score
1 | 2 | 3 | 4 | 5.4 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1236 | Improper Neutralization of Formula Elements in a CSV File | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
Base Score
5.4
Exploitability Score
2.3
Impact Score
2.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
References
URL | Source |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-24-073 | psirt@fortinet.com |
This website uses the NVD API, but is not approved or certified by it.