CVE-2024-48889: OS Command Injection in Fortinet FortiManager

Severity: 7.2 HIGH (NVD)
EPSS: 2.2% (top 15.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 18

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (3 packages)

Source | Package | Versions
NVD | fortinet/fortimanager_cloud | 7.0.1 / 7.0.13 (+2)
NVD | fortinet/fortimanager | 6.4.10 / 6.4.15 (+4)
CVEListV5 | fortinet/fortimanager | 7.4.0 / 7.4.4 (+4)

Vulnerability Details (1)

CVEList (2024-12-18): CVE-2024-48889: An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7…

Vendor Advisories (1)

Fortinet (2024-12-18): OS command injection
CVE-2024-48889 — OS Command Injection in Fortinet | cvebase