VDB
CISA-2024-50566
CISA-2024-50566
PUBLISHED
CVSS 7.2 HIGH
Reported by fortinet · Published January 14, 2025
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
Risk Scores
CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiManager | 7.6.0, 7.4.0, 7.2.1 |
| Fortinet | FortiManager Cloud | 7.4.1, 7.2.2 |
| Fortinet | FortiManager | 7.2.1, 7.2.1, 7.6.0 |
| Fortinet | FortiManager Cloud | 7.2.2, 7.4.1, 7.2.2 |
Timeline
- Jan 14, 2025 CVE Published
- Jan 15, 2026 CVE Updated