CVE-2024-32118

Name of the Vulnerable Software and Affected Versions Fortinet FortiManager versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer-BigData before 7.4.0

Description The issue is related to improper neutralization of special elements used in an OS command, allowing an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. This can be achieved by sending specially crafted requests to the CLI interface.

Recommendations For Fortinet FortiManager versions 7.4.0 through 7.4.2 and before 7.2.5, update to a version that includes the fix for this issue. For Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and before 7.2.5, update to a version that includes the fix for this issue. For Fortinet FortiAnalyzer-BigData before 7.4.0, update to version 7.4.0 or later. As a temporary workaround, consider restricting access to the CLI interface to minimize the risk of exploitation.