CVE-2024-50566

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 42.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortimanagerFortinet Fortimanager Cloud
Timeline
PublishedJan 14

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

NVDfortinet/fortimanager_cloud7.2.27.2.8+2
CVEListV5fortinet/fortimanager_cloud7.4.17.4.4+1
NVDfortinet/fortimanager7.2.17.2.9+2
CVEListV5fortinet/fortimanager7.6.07.6.1+2

🔴Vulnerability Details

2
GHSA
GHSA-mphf-cc86-chgh: A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 72025-01-14
CVEList
CVE-2024-50566: A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 72025-01-14

📋Vendor Advisories

1
Fortinet
OS Command Injection2025-01-14
CVE-2024-50566 (HIGH CVSS 8.8) | A improper neutralization of specia | cvebase.io