Command Injection Vulnerability in Fortinet FortiManager Products
CVE-2024-46662

8.3 HIGH

Key Information:

Vendor:
Fortinet
CVE Published:
14 March 2025

What is CVE-2024-46662?

CVE-2024-46662 is a command injection vulnerability in the Fortinet FortiManager product family, affecting versions 7.4.1 through 7.4.3. FortiManager provides centralized management of Fortinet devices, including security policy management and automation for Fortinet's network security solutions. The vulnerability stems from improper neutralization of special elements used in commands, which could allow an attacker to escalate privileges by sending specially crafted packets. Successful exploitation could severely compromise an organization's security posture, potentially granting unauthorized access to, or control over, essential network management functions.

Technical Details

The vulnerability is classified as a command injection flaw, characterized by the improper neutralization of special elements used in commands. This weakness allows an attacker to influence the commands executed on the FortiManager system. The affected versions include both on-premises installations and cloud versions of FortiManager, so the exposure spans both deployment types.

Potential Impact of CVE-2024-46662

  1. Privilege Escalation: Successful exploitation of this vulnerability can enable attackers to gain elevated privileges, granting them access to sensitive configurations and management functionalities, which could lead to broader system compromises.

  2. Unauthorized Access: If exploited, attackers could manipulate network management tools to access restricted areas of the network, leading to data exfiltration or modification of security policies that may undermine the organization's overall security framework.

  3. Increased Attack Surface: With command injection capabilities, malicious actors could potentially introduce custom commands that facilitate further attacks, including the deployment of additional malware or tunneling tools, heightening the risk to the entire network environment.

Affected Version(s)

FortiManager 7.4.1 through 7.4.3 (7.4.1 <= version <= 7.4.3)

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published
