CVE-2024-40584
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-40584 is a critical OS command injection vulnerability (CWE-78) affecting multiple Fortinet products, including FortiAnalyzer, FortiManager, FortiAnalyzer BigData, FortiAnalyzer Cloud, and FortiManager Cloud. An authenticated, privileged attacker can exploit it by sending crafted HTTP or HTTPS requests to the GUI of an affected device, allowing the attacker to inject and execute unauthorized code or commands on that device. Affected versions of these products are 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, and 6.2.2 through 6.2.13. Applying the relevant vendor patches is advised to mitigate the risk of exploitation.
Affected Products
- FortiAnalyzer
- FortiManager
Affected Vendors
- Fortinet