OS Command Injection Vulnerability in FortiManager by Fortinet
CVE-2024-48889

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortimanager
Vendor: CVE Published:; 18 December 2024

Badges

📰 News Worthy

Summary

The vulnerability presents an OS Command Injection risk, where improper neutralization of special elements allows an authenticated remote attacker to execute unauthorized commands. This affects multiple versions of FortiManager and FortiManager Cloud, posing significant security risks if exploited. Crafting specific FGFM requests could enable attackers to run arbitrary code, potentially compromising the integrity and availability of the affected systems.

Affected Version(s)

FortiManager 7.6.0

FortiManager 7.4.0 <= 7.4.4

FortiManager 7.2.3 <= 7.2.7

News Articles

🔗Cyber Security News

CVE-2023-34990 CVE-2024-48889

Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code Remotely

Fortinet, a leading cybersecurity solutions provider, has issued urgent advisories regarding two critical vulnerabilities affecting its FortiWLM and FortiManager products.

2 months ago

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-425

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by Cyber Security News
Dec 19, 2024
Vulnerability published
Dec 18, 2024

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code Remotely

References

CVSS V3.1

Timeline