Vulnerabilities > CVE-2024-27785 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortiaiops 2.0.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

fortinet

CWE-1236

NVD

Published: 2024-07-09

Updated: 2024-09-09

Summary

An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.

Vulnerable Configurations

Part	Description	Count
Application	Fortinet Fortinet Fortiaiops 2.0.0	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-073