CVE-2024-46662

Published Mar 14, 2025

Last updated 21 days ago

CVSS high 8.8
Fortinet
FortiManager

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-46662 is a command injection vulnerability affecting Fortinet FortiManager versions 7.4.1 through 7.4.3 and FortiManager Cloud versions 7.4.1 through 7.4.3. The vulnerability stems from the improper neutralization of special elements used in commands. This flaw could allow an attacker to escalate privileges by sending specifically crafted packets. Successful exploitation could compromise the integrity and security of the affected systems, potentially granting an attacker higher-level permissions within the FortiManager system.

Description: An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3 and FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets.
Source: psirt@fortinet.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@fortinet.com
CWE-77

Social media

Hype score
Not currently trending