CVE-2024-23109

CVE Database · CVE-2024-23109

CVE-2024-23109

· CRITICALModified

CVSS v3.1

10.0

EPSS

3.22%

Published

Feb 5, 2024

Modified

Jan 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (7)

fortinet · fortisiemvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-130

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-130

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs