OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer
CVE-2024-32118

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortimanager; Fortianalyzer; Fortianalyzer Big Data
Vendor: CVE Published:; 12 November 2024

Summary

Multiple vulnerabilities exist in Fortinet FortiManager and FortiAnalyzer due to improper neutralization of special elements in OS commands. An authenticated attacker with privileged access can exploit this flaw by crafting specific CLI requests. This allows unauthorized code execution, potentially compromising the integrity and confidentiality of the affected systems. All users of Fortinet's affected products are advised to review security patches and apply necessary updates to mitigate these risks.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-116

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024