vulnerability

Fortinet FortiOS: Unspecified Security Vulnerability (CVE-2024-33510)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	2024-11-12	2025-01-20	2025-01-30

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

2024-11-12

Added

2025-01-20

Modified

2025-01-30

Description

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.

Solution(s)

fortios-upgrade-7_2_9fortios-upgrade-7_4_4

References

CVE-2024-33510
https://attackerkb.com/topics/CVE-2024-33510
URL-https://fortiguard.fortinet.com/psirt/FG-IR-24-033

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today