CVE-2024-50566

Name of the Vulnerable Software and Affected Versions Fortinet FortiManager versions 7.2.1 through 7.2.8 Fortinet FortiManager versions 7.4.0 through 7.4.5 Fortinet FortiManager versions 7.6.0 through 7.6.1 Fortinet FortiManager Cloud versions 7.2.2 through 7.2.7 Fortinet FortiManager Cloud versions 7.4.0 through 7.4.4 Fortinet FortiManager Cloud versions 7.6.0 through 7.6.1

Description The issue is related to an improper neutralization of special elements used in an os command, also known as 'os command injection', which may allow an authenticated remote attacker to execute unauthorized code via crafted requests. This can be achieved by sending specially formed requests using the FGFM protocol.

Recommendations For Fortinet FortiManager versions 7.2.1 through 7.2.8, update to a version outside of this range to resolve the issue. For Fortinet FortiManager versions 7.4.0 through 7.4.5, update to a version outside of this range to resolve the issue. For Fortinet FortiManager versions 7.6.0 through 7.6.1, update to a version outside of this range to resolve the issue. For Fortinet FortiManager Cloud versions 7.2.2 through 7.2.7, update to a version outside of this range to resolve the issue. For Fortinet FortiManager Cloud versions 7.4.0 through 7.4.4, update to a version outside of this range to resolve the issue. For Fortinet FortiManager Cloud versions 7.6.0 through 7.6.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the FGFM protocol to minimize the risk of exploitation.