CVE-2024-50566
Published 2025-01-14
Priority: P2 (61) · CVSS 3.1 base score: 8.8 (high)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (60.2nd percentile)
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via crafted FGFM requests.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 7.2.1 < 7.2.9 | 7.2.9 |
| fortinet | fortimanager | 7.2.1 – 7.2.8 | — |
| fortinet | fortimanager | >= 7.4.0 < 7.4.6 | 7.4.6 |
| fortinet | fortimanager | 7.4.0 – 7.4.5 | — |
| fortinet | fortimanager | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortimanager | 7.6.0 – 7.6.1 | — |
| fortinet | fortimanager_cloud | >= 7.2.2 < 7.2.8 | 7.2.8 |
| fortinet | fortimanager_cloud | 7.2.2 – 7.2.7 | — |
| fortinet | fortimanager_cloud | >= 7.4.0 < 7.4.5 | 7.4.5 |
| fortinet | fortimanager_cloud | 7.4.1 – 7.4.4 | — |
| fortinet | fortimanager_cloud | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortimanagercloud | — | — |
| fortinet | fortinet | — | — |
Detection & IOCs (extracted from sources)
- Monitor for crafted FGFM (FortiGate-to-FortiManager) protocol requests that may contain injected OS command special elements, originating from authenticated remote attackers.
- Audit FortiManager and FortiManager Cloud instances running affected versions (FortiManager 7.2.1–7.2.8, 7.4.0–7.4.5, 7.6.0–7.6.1; FortiManager Cloud 7.2.2–7.2.7, 7.4.0–7.4.4, 7.6.0–7.6.1) for anomalous authenticated sessions and unexpected OS-level command execution.
- Exploitation requires prior authentication; the threat model should prioritize insider threats, compromised credentials, or chained authentication-bypass vulnerabilities as precursors.
- The vulnerability is specific to the FGFM (FortiGate-to-FortiManager) protocol interface; ensure FGFM access is restricted to trusted FortiGate devices only and not exposed to untrusted networks.
GHSA
GHSA-mphf-cc86-chgh (ghsa_unreviewed · 2025-01-14)
CVE-2024-50566 [HIGH] CWE-78
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via crafted FGFM requests.
Fortinet
FG-IR-24-463: OS Command Injection (vendor_fortinet · 2025-01-14 · CVSS 7.2)
CVE-2024-50566 [HIGH] CWE-78 OS Command Injection
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via crafted FGFM requests.
CVEs: CVE-2024-50566
CWEs: CWE-78
CVSS: 7.2 (high)
Affected products: FortiManager, FortiManager Cloud, Fortinet
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.