CVE-2024-48889

7.2HIGH

Key Information

Vendor: Fortinet
Status: Fortimanager
Vendor: CVE Published:; 18 December 2024

Badges

📰 News Worthy

Summary

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

Affected Version(s)

FortiManager = 7.6.0

FortiManager <= 7.4.4

FortiManager <= 7.2.7

News Articles

Cyber Security News

CVE-2023-34990 CVE-2024-48889

Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code Remotely

Fortinet, a leading cybersecurity solutions provider, has issued urgent advisories regarding two critical vulnerabilities affecting its FortiWLM and FortiManager products.

3 days ago

Refferences

https://fortiguard.fortinet.com/psirt/FG-IR-24-425

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by Cyber Security News
Dec 19, 2024
Vulnerability published
Dec 18, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)