CVE-2024-50566

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

CVSS breakdown

Affected products

• fortinet / fortimanager7.6.1 – 7.6.1
• fortinet / fortimanager7.6.0 – 7.6.0
• fortinet / fortimanager7.4.5 – 7.4.5
• fortinet / fortimanager7.4.4 – 7.4.4
• fortinet / fortimanager7.4.3 – 7.4.3
• fortinet / fortimanager7.4.2 – 7.4.2
• fortinet / fortimanager7.4.1 – 7.4.1
• fortinet / fortimanager7.4.0 – 7.4.0
• fortinet / fortimanager7.2.8 – 7.2.8
• fortinet / fortimanager7.2.7 – 7.2.7
• fortinet / fortimanager7.2.6 – 7.2.6
• fortinet / fortimanager7.2.5 – 7.2.5
• fortinet / fortimanager7.2.4 – 7.2.4
• fortinet / fortimanager7.2.3 – 7.2.3
• fortinet / fortimanager7.2.2 – 7.2.2
• fortinet / fortimanager7.2.1 – 7.2.1
• fortinet / fortimanagercloud7.4.4 – 7.4.4
• fortinet / fortimanagercloud7.4.3 – 7.4.3
• fortinet / fortimanagercloud7.4.2 – 7.4.2
• fortinet / fortimanagercloud7.4.1 – 7.4.1
• fortinet / fortimanagercloud7.2.7 – 7.2.7
• fortinet / fortimanagercloud7.2.6 – 7.2.6
• fortinet / fortimanagercloud7.2.5 – 7.2.5
• fortinet / fortimanagercloud7.2.4 – 7.2.4
• fortinet / fortimanagercloud7.2.3 – 7.2.3
• fortinet / fortimanagercloud7.2.2 – 7.2.2

References

• VENDOR_ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-24-463