FortiAIOps - CSV Injection in export device inventory feature
Summary
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
Version | Affected | Solution |
---|---|---|
FortiAIOps 2.0 | 2.0.0 | Upgrade to 2.0.1 or above |
Acknowledgement
Internally discovered and reported by Shree Rawal of Fortinet PSIRT team.Timeline
2024-07-09: Initial publication