CVE-2024-50566

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 78

Summary

CVE-2024-50566 is a high-severity OS command injection vulnerability (CWE-78) affecting multiple versions of Fortinet FortiManager and FortiManager Cloud. An authenticated attacker can exploit the flaw by sending crafted FGFM requests, which can result in arbitrary command execution on the targeted FortiManager or FortiManager Cloud instance and poses a significant risk to organizational security. This vulnerability impacts FortiManager versions 7.6.0 through 7.6.1, 7.4.5 through 7.4.0, and 7.2.1 through 7.2.8, as well as FortiManager Cloud versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.4, and 7.2.2 through 7.2.7. Organizations using these versions are advised to apply the available patches promptly to mitigate this risk.
