FortiDDoS OS Command Injection Vulnerability Allows Attackers to Execute Unauthorized Commands
Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line, tracked as CVE-2024-45325. This OS command injection vulnerability exists within the product’s command-line interface (CLI) and is classified as CWE-78. It arises from improper neutralisation of special elements used in an OS command. A privileged attacker with local access to the system could exploit this flaw by sending specially crafted requests to the CLI. A successful exploit would enable the attacker to execute arbitrary code or commands with the application’s permissions, potentially leading to a full system compromise. The vulnerability has been assigned a CVSSv3 score of 6.5, indicating a medium severity level. The CVSS vector, AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, highlights that local access and high-level privileges are required, with no user interaction necessary. Despite the high privilege requirement, the potential impact on confidentiality, integrity, and availability remains significant.
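The CWE-78 weakness class described above is a CLI handler that splices a user-supplied argument into a command line that reaches the host shell without neutralising shell metacharacters. The following is an added example, not FortiDDoS code and not derived from the advisory: a hypothetical diagnostic command (`ping <host>`) shown in its weak string-concatenation form beside a hardened form that allowlists the argument, passes an argv list with `shell=False`, and terminates option parsing with `--` so a value beginning with `-` cannot be read as a flag. The command name and the regexes are assumptions for the demonstration.

```python
"""CWE-78 pattern in a hypothetical CLI handler: weak form beside hardened form.
Added example code; not FortiDDoS source. The 'ping' diagnostic command and the
validation regexes are assumptions made for this demonstration."""
import re
import subprocess

# Characters a POSIX shell treats specially. Any of these inside an argument
# that reaches `sh -c` alters the command that actually executes.
SHELL_METACHARS = re.compile(r"[;&|`$<>(){}\[\]\n\r\\'\"*?~!]")

# Allowlist for the single argument the hypothetical command accepts: a
# hostname or dotted IPv4 literal. A leading '-' is excluded so the value can
# never be parsed as an option by the invoked program (argument injection).
HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9.-]{1,253}$")


def build_vulnerable(host: str) -> str:
    """The weak pattern: concatenate the raw argument into one shell string.
    Returns the string that would be handed to `sh -c`; nothing is executed."""
    return f"ping -c 1 {host}"


def build_hardened(host: str) -> list[str]:
    """The corrected pattern: validate against the allowlist, then return an
    argv list intended for shell=False execution, with '--' ending option
    parsing. Raises ValueError for anything outside the allowlist."""
    if not HOST_RE.match(host):
        raise ValueError(f"rejected argument: {host!r}")
    return ["ping", "-c", "1", "--", host]


def accepts(host: str) -> bool:
    """True if the hardened builder accepts the argument, False if it rejects it."""
    try:
        build_hardened(host)
        return True
    except ValueError:
        return False


def is_tainted(arg: str) -> bool:
    """Detection helper: does the argument carry shell metacharacters?
    Suitable for flagging suspicious CLI input in an audit log. Note that it
    does not catch option injection ('-h'), which only the allowlist handles."""
    return bool(SHELL_METACHARS.search(arg))


def run_hardened(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened command without a shell. Kept separate so the
    builders above can be tested without spawning a process."""
    return subprocess.run(build_hardened(host), shell=False,
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one with a shell metacharacter,
    # one that is clean of metacharacters but would be parsed as an option.
    for sample in ["192.0.2.10", "192.0.2.10; echo injected", "-h"]:
        print(f"input={sample!r} tainted={is_tainted(sample)}")
        print("  weak command line :", build_vulnerable(sample))
        print("  hardened accepts  :", accepts(sample))
```

The weak builder faithfully reproduces whatever the argument contains, so a metacharacter becomes a second command once the string reaches a shell; the hardened builder never builds a shell string at all, and the allowlist rejects both metacharacters and option-shaped values. The metacharacter scan is a detection aid for logging, not a substitute for the allowlist.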
Fortinet has confirmed that multiple versions of FortiDDoS-F are affected by this vulnerability. The advisory, FG-IR-24-344, published on September 9, 2025, details the specific versions and recommended actions for administrators. FortiDDoS-F 7.2 is not affected, while versions 7.0.0 through 7.0.2 require an upgrade to 7.0.3 or above. All versions of FortiDDoS-F 6.1 through 6.6 require migration to a fixed release. Administrators running vulnerable versions are strongly urged to apply the recommended updates or migrate to a patched release to prevent potential exploitation. Organisations using FortiDDoS-F 7.0 should upgrade to version 7.0.3 immediately, while those on older branches must plan a migration to a secure version.
Categories: Vulnerability Disclosure, Command Injection, Software Mitigation
Tags: Fortinet, Vulnerability, FortiDDoS-F, OS Command Injection, Privileged Attacker, CVE-2024-45325, CLI, Exploit, CVSS, Mitigation