CVE-2024-48889 — Vulnetix

CVE-2024-48889 PUBLISHED

Es gibt eine Schwachstelle in Fortinet FortiManager aufgrund einer OS-Befehlsinjektion. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um beliebige Befehle über manipulierte FGFM-Anfragen auszuführen.

EPSS 2.09% · 84.3th percentile

Risk Scores

EPSS Score

2.09%

84.3th percentile

Affected Products

Vendor	Product	Versions
Fortinet	Fortinet FortiManager <7.0.13
Fortinet	Fortinet FortiManager <7.4.5
Fortinet	Fortinet FortiManager <7.6.1
Fortinet	Fortinet FortiManager <6.4.15
Fortinet	Fortinet FortiManager <7.2.8

Timeline

Dec 18, 2024 CVE Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 18, 2024 PoC Published
Dec 19, 2024 EPSS Score
Dec 19, 2024 PoC Published

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3730.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3730 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-425 advisory

Open in Interactive Console →