CVE-2024-46662
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-46662 is a command injection vulnerability affecting Fortinet FortiManager versions 7.4.1 to 7.4.3 and FortiManager Cloud versions 7.4.1 to 7.4.3. An attacker can exploit this weakness by sending crafted packets, leading to privilege escalation. The vulnerability stems from FortiManager's failure to properly neutralize special elements in user input, creating an opportunity for code injection and subsequent elevation of privileges. This issue poses a significant risk, as it allows an attacker to gain unauthorized access and potentially compromise the entire FortiManager system. Organizations utilizing FortiManager with these affected versions are advised to apply the necessary patches as soon as possible to mitigate this risk.