VDB

CISA-2024-50566

CISA-2024-50566 PUBLISHED CVSS 7.2 HIGH

Reported by fortinet · Published January 14, 2025

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

Risk Scores

CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X

Affected Products

VendorProductVersions
FortinetFortiManager7.6.0, 7.4.0, 7.2.1
FortinetFortiManager Cloud7.4.1, 7.2.2
FortinetFortiManager7.2.1, 7.2.1, 7.6.0
FortinetFortiManager Cloud7.2.2, 7.4.1, 7.2.2

Timeline

  • Jan 14, 2025 CVE Published
  • Jan 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›