CVE-2024-50566

Summary

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager7.6.0 <= 7.6.1affected
FortinetFortiManager7.4.0 <= 7.4.5affected
FortinetFortiManager7.2.1 <= 7.2.8affected
FortinetFortiManager Cloud7.4.1 <= 7.4.4affected
FortinetFortiManager Cloud7.2.2 <= 7.2.7affected

Weaknesses

  • CWE-78: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References