CVE-2024-27785

MEDIUM

Fortinet FortiAIOps 2.0.0 - Authenticated CSV Injection via Poisoned Reports

Title source: llm

Description

An improper neutralization of formula elements in a CSV File [CWE-1236] vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.

References (1)

Core 1

Core References

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-24-073

Scores

CVSS v3 5.4

EPSS 0.0041

EPSS Percentile 32.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1236

Status published

Products (1)

fortinet/fortiaiops 2.0.0

Published Jul 09, 2024

Tracked Since Feb 18, 2026