PT-2024-9736 · Fortinet · FortiManager +1

Published: 2024-12-18 · Updated: 2025-11-13 · CVE-2024-48889

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FortiManager versions 7.6.0, 7.4.4 and below, 7.2.7 and below, 7.0.12 and below, 6.4.14 and below; FortiManager Cloud versions 7.4.4 and below, 7.2.7 to 7.2.1, 7.0.12 to 7.0.1

Description: The issue is an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection'. It may allow an authenticated remote attacker to execute unauthorized code via crafted requests. The vulnerability is actively exploited in the wild.

Recommendations: For FortiManager versions 7.6.0, 7.4.4 and below, 7.2.7 and below, 7.0.12 and below, 6.4.14 and below: update to the latest version to secure the management system. For FortiManager Cloud versions 7.4.4 and below, 7.2.7 to 7.2.1, 7.0.12 to 7.0.1: update to the latest version to secure the management system. As a temporary workaround, consider restricting access to the FGFM interface so that crafted requests cannot reach it until a patch is available.

Fix

Weakness Enumeration: OS Command Injection

Related Identifiers

BDU:2024-11467
CVE-2024-48889

Affected Products

FortiManager
FortiManager Cloud