OS Command Injection Vulnerability in FortiManager by Fortinet
CVE-2024-48889

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortimanager
Vendor: CVE Published:; 18 December 2024

Badges

📰 News Worthy

What is CVE-2024-48889?

The vulnerability presents an OS Command Injection risk, where improper neutralization of special elements allows an authenticated remote attacker to execute unauthorized commands. This affects multiple versions of FortiManager and FortiManager Cloud, posing significant security risks if exploited. Crafting specific FGFM requests could enable attackers to run arbitrary code, potentially compromising the integrity and availability of the affected systems.

Affected Version(s)

FortiManager 7.6.0

FortiManager 7.4.0 <= 7.4.4

FortiManager 7.2.3 <= 7.2.7

News Articles

Cyber Security News

CVE-2023-34990 CVE-2024-48889

Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code Remotely

Fortinet, a leading cybersecurity solutions provider, has issued urgent advisories regarding two critical vulnerabilities affecting its FortiWLM and FortiManager products.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-425

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Cyber Security News
Dec 19, 2024
Vulnerability published
Dec 18, 2024