Fortinet Releases Security Advisory for FortiManager and FortiManager Cloud

CVE-2024-48889 could lead to remote code execution

Threat ID:: CC-4594
Threat Severity:: Medium
Published:: 19 December 2024 2:38 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2024-48889 could lead to remote code execution

Affected platforms

The following platforms are known to be affected:

Fortinet FortiManager

6.4.10 to 6.4.14
7.0.5 to 7.0.1
7.2.3 to 7.2.7
7.4.0 to 7.4.4
7.6.0

Fortinet FortiManager Cloud

Cloud 7.0.1 to 7.0.12
Cloud 7.2.1 to 7.2.7
Cloud 7.4.1 to 7.4.4

Fortinet FortiAnalyzer

Old FortiAnalyzer models 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E with the following feature enabled:

config system global
set fmg-status enable
end

are also impacted by this vulnerability.

Threat details

Introduction

Fortinet has released a security advisory to address a critical vulnerability in FortiManager and FortiManager Cloud. FortiManager is a network monitoring application.

CVE-2024-48889 is an ‘OS Command Injection’ vulnerability with a CVSSv3 score of 7.2. A remote authenticated attacker could execute arbitrary code (ACE) or commands via FGFM crafted requests.

Remediation advice

Affected organisations are encouraged to review the FortiNet PSIRT FG-IR-24-425 and apply the relevant updates as soon as is practicable.

NOTE: Fortinet recommends using their Upgrade Path Tool to see the recommended upgrade path for a particular Fortinet product.

Definitive source of threat updates

https://fortiguard.fortinet.com/psirt/FG-IR-24-425

CVE Vulnerabilities

Status Published

CVE-2024-48889

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

Last edited: 19 December 2024 2:38 pm