CVE-2024-50566
published 2025-01-14


Priority: P2 (61)
CVSS 3.1: 8.8 (high)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.05% (60.2th percentile)
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, and FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via crafted FGFM requests.

Affected

14 ranges

Vendor    Product              Version range       Fixed in
fortinet  fortimanager
fortinet  fortimanager         >= 7.2.1 < 7.2.9    7.2.9
fortinet  fortimanager         7.2.1 – 7.2.8
fortinet  fortimanager         >= 7.4.0 < 7.4.6    7.4.6
fortinet  fortimanager         7.4.0 – 7.4.5
fortinet  fortimanager         >= 7.6.0 < 7.6.2    7.6.2
fortinet  fortimanager         7.6.0 – 7.6.1
fortinet  fortimanager_cloud   >= 7.2.2 < 7.2.8    7.2.8
fortinet  fortimanager_cloud   7.2.2 – 7.2.7
fortinet  fortimanager_cloud   >= 7.4.0 < 7.4.5    7.4.5
fortinet  fortimanager_cloud   7.4.1 – 7.4.4
fortinet  fortimanager_cloud   >= 7.6.0 < 7.6.2    7.6.2
fortinet  fortimanagercloud
fortinet  fortinet

Detection & IOCs (extracted from sources)

  • Monitor for crafted FGFM (FortiGate-to-FortiManager) protocol requests that may contain injected OS command special elements, originating from authenticated remote attackers.
  • Audit FortiManager and FortiManager Cloud instances running affected versions (FortiManager 7.2.1–7.2.8, 7.4.0–7.4.5, 7.6.0–7.6.1; FortiManager Cloud 7.2.2–7.2.7, 7.4.0–7.4.4, 7.6.0–7.6.1) for anomalous authenticated sessions and unexpected OS-level command execution.
  • Exploitation requires prior authentication; the threat model should prioritize insider threats, compromised credentials, or chained authentication-bypass vulnerabilities as precursors.
  • The vulnerability is specific to the FGFM (FortiGate-to-FortiManager) protocol interface; ensure FGFM access is restricted to trusted FortiGate devices only and not exposed to untrusted networks.