CVE-2024-55594

Published: Mar 14, 2025Modified: Jul 24, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.

Affected (1)

Products: Fortinet: Fortiweb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiweb	From 7.0.0 to 7.4.7

Related CWEs

Improper Handling of Syntactically Invalid Structure

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-23-115

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.