OS Command Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager Products
CVE-2024-40584
6.8MEDIUM
What is CVE-2024-40584?
An OS command injection vulnerability allows an authenticated privileged attacker to execute unauthorized commands or code through specially crafted HTTP or HTTPS requests in multiple versions of Fortinet's FortiAnalyzer and FortiManager products. This flaw could lead to unauthorized access and execution of arbitrary commands, potentially compromising system integrity and data security.
Affected Version(s)
FortiAnalyzer 7.4.0 <= 7.4.3
FortiAnalyzer 7.2.0 <= 7.2.5
FortiAnalyzer 7.0.0 <= 7.0.13