CVE-2024-50567 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2024-50567?

CVE-2024-50567 has a CVSS score of 7.2 (HIGH). This CVE describes an OS command injection vulnerability in Fortinet FortiWeb web application firewalls. Attackers can execute arbitrary commands on affected devices by sending specially crafted input. Organizations running FortiWeb versions 7.4.0 through 7.6.0 are vulnerable.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Fortinet FortiWeb web application firewalls. Attackers can execute arbitrary commands on affected devices by sending specially crafted input. Organizations running FortiWeb versions 7.4.0 through 7.6.0 are vulnerable.

💻 Affected Systems

Products:

Fortinet FortiWeb

Versions: 7.4.0 through 7.6.0

Operating Systems: FortiWeb OS

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments within affected version range are vulnerable regardless of configuration.

📦 What is this software?

Fortiweb by Fortinet

View all CVEs affecting Fortiweb →

Fortiweb by Fortinet

View all CVEs affecting Fortiweb →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the FortiWeb device leading to lateral movement into protected networks, data exfiltration, or deployment of persistent backdoors.

🟠

Likely Case

Unauthorized command execution allowing attackers to modify configurations, disable security controls, or use the device as a pivot point.

🟢

If Mitigated

Limited impact due to network segmentation, restricted administrative access, and proper input validation controls.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires network access to the FortiWeb management interface or vulnerable service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiWeb 7.6.1 or later

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-438

Restart Required: No

Instructions:

1. Log into FortiWeb management interface. 2. Navigate to System > Dashboard. 3. Check for available firmware updates. 4. Download and install FortiWeb 7.6.1 or later. 5. Verify successful update in System > Dashboard.

🔧 Temporary Workarounds

Restrict Management Access

all

Limit network access to FortiWeb management interfaces to trusted IP addresses only.

config system interface
edit port1
set allowaccess https ssh
set trust-ip-list 192.168.1.0/24
end

🧯 If You Can't Patch

Implement strict network segmentation to isolate FortiWeb devices from critical systems.
Deploy additional WAF or IPS solutions in front of FortiWeb to detect and block exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check FortiWeb firmware version via GUI: System > Dashboard > System Information, or CLI: get system status

Check Version:

get system status | grep Version

Verify Fix Applied:

Confirm firmware version is 7.6.1 or later via System > Dashboard > System Information

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts followed by successful login
Configuration changes from unexpected sources

Network Indicators:

Unusual outbound connections from FortiWeb device
Traffic patterns inconsistent with normal WAF operations

SIEM Query:

source="fortiweb" AND (event_type="system" OR event_type="admin") AND (message="*command*" OR message="*exec*" OR message="*injection*")

📊 Metadata

CVE ID: CVE-2024-50567

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.41% exploit probability (60.9th percentile)

Published: February 11, 2025

Last Updated: July 22, 2025

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-24-438 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50567, you might also want to check these: