FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands

Posted on September 9, 2025 By CWS

Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. Tracked as CVE-2024-45325, the flaw is an OS command injection vulnerability residing in the product's command-line interface (CLI).

The vulnerability, classified as CWE-78, stems from improper neutralization of special elements used in an OS command. An attacker with high privileges and local access to the system could exploit this weakness by sending specially crafted requests to the CLI.

A successful exploit would allow the attacker to execute arbitrary code or commands with the permissions of the application, potentially leading to a full system compromise.

The vulnerability has been assigned a CVSSv3 score of 6.5, categorizing it as medium severity.

The CVSS vector, AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicates that an attacker requires local access and high-level privileges, and that no user interaction is required.

Despite the high privilege requirement, the potential impact on confidentiality, integrity, and availability is high. The issue was internally discovered and reported by Théo Leleu of Fortinet's Product Security team.

Affected Versions and Mitigation

Fortinet has confirmed that multiple versions of FortiDDoS-F are affected by this vulnerability. The advisory, FG-IR-24-344, published on September 9, 2025, outlines the specific versions and the recommended actions for administrators.

| Version | Affected Range | Solution |
|---|---|---|
| FortiDDoS-F 7.2 | Not affected | Not Applicable |
| FortiDDoS-F 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
| FortiDDoS-F 6.6 | All versions | Migrate to a fixed release |
| FortiDDoS-F 6.5 | All versions | Migrate to a fixed release |
| FortiDDoS-F 6.4 | All versions | Migrate to a fixed release |
| FortiDDoS-F 6.3 | All versions | Migrate to a fixed release |
| FortiDDoS-F 6.2 | All versions | Migrate to a fixed release |
| FortiDDoS-F 6.1 | All versions | Migrate to a fixed release |

Administrators running vulnerable versions are strongly urged to apply the recommended updates or migrate to a patched release to prevent potential exploitation.

Organizations using FortiDDoS-F 7.0 should upgrade to version 7.0.3 immediately, while those on older branches (6.1 through 6.6) must plan a migration to a secure version.
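
A version-triage check built from the advisory table as reported above, as an added example that is not part of the original article or of Fortinet's advisory. The hostnames and version strings in the sample inventory are constructed, and the plain `major.minor.patch` input format is an assumption.

```python
import re

# FG-IR-24-344 as reported in this article's table.
FIXED_IN_BRANCH = {(7, 0): 3}                     # 7.0.0-7.0.2 affected, fixed in 7.0.3
NO_FIX_BRANCHES = {(6, m) for m in range(1, 7)}   # 6.1 through 6.6: all versions affected
NOT_AFFECTED_BRANCHES = {(7, 2)}

# Assumption: versions are recorded as "major.minor" or "major.minor.patch".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def triage(version: str) -> tuple[str, str]:
    """Return (status, action) for one FortiDDoS-F version string."""
    m = _VERSION_RE.match(version)
    if not m:
        return ("unparsed", "verify version manually")
    major, minor = int(m.group(1)), int(m.group(2))
    branch = (major, minor)
    if branch in NOT_AFFECTED_BRANCHES:
        return ("not affected", "none")
    if branch in NO_FIX_BRANCHES:
        return ("affected", "migrate to a fixed release")
    if branch in FIXED_IN_BRANCH:
        if m.group(3) is None:
            # Without a patch level, 7.0 cannot be placed on either side of the fix.
            return ("unparsed", "patch level missing; verify manually")
        fixed = FIXED_IN_BRANCH[branch]
        if int(m.group(3)) < fixed:
            return ("affected", f"upgrade to {major}.{minor}.{fixed} or above")
        return ("fixed", "none")
    # Branches the table does not list are flagged, not silently treated as safe.
    return ("unlisted", "branch not in advisory table; check FG-IR-24-344")


def triage_inventory(inventory: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Apply triage() to a {hostname: version} inventory."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "ddos-edge-01": "7.0.2",
    "ddos-edge-02": "7.0.3",
    "ddos-lab-01": "6.4.1",
    "ddos-core-01": "7.2.0",
}

if __name__ == "__main__":
    for host, (status, action) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status:13} {action}")
```
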
