CVE-2024-48889

Published Dec 18, 2024

Last updated 2 months ago

Overview

Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, and version 6.4.14 and below, and in FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, and version 7.0.12 to 7.0.1, may allow an authenticated remote attacker to execute unauthorized code via crafted FGFM requests.
Source: psirt@fortinet.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@fortinet.com: CWE-78
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-78

Social media

Hype score: Not currently trending
  1. CVE-2024-48889 alert 🚨 FortiManager: Authenticated OS Command Injection (CVSS: 7.2/10) The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec https://t.co/mhIn8pW2my

    @Patrowl_io, 23 Dec 2024
    53 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. Two dangerous vulnerabilities were recently published: one in FortiManager, identified as CVE-2024-48889, of type OS command execution, and one in FortiWLM, identified as CVE-2023-34990, of type File Read. Several versions of FortiManager are affected by this vulnerability. https://t.co/Poz3aKYxT1 https://t.

    @AmirHossein_sec, 21 Dec 2024
    38 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. 🚨 Critical vulnerabilities at Fortinet: Two flaws (CVE-2024-48889 & CVE-2023-34990) allow remote code execution and access to sensitive data on FortiManager and FortiWLM. Update. Download the alert bulletin. https://t.co/52pLbTadJ9 https

    @cert_tg, 19 Dec 2024
    89 Impressions, 1 Retweet, 2 Likes, 0 Bookmarks, 0 Replies, 1 Quote

  4. Fortinet fixes several vulnerabilities including CVE-2023-34990 #Fortinet #CVE-2023-34990 #CVE-2024-50570 #CVE-2024-48889 https://t.co/jEOWPiIZpJ

    @pravin_karthik, 19 Dec 2024
    35 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. CVE-2024-48889 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and … https://t.co/HjvLR0BxKC

    @CVEnew, 18 Dec 2024
    370 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes