Skip to main content

CVE-2024-48889 could lead to remote code execution

Threat ID:CC-4594
Threat Severity:Medium
Published:19 December 2024 2:38 PM

Summary

CVE-2024-48889 could lead to remote code execution

Affected platforms

The following platforms are known to be affected:

Fortinet FortiManager
  • 6.4.10 to 6.4.14
  • 7.0.5 to 7.0.1
  • 7.2.3 to 7.2.7
  • 7.4.0 to 7.4.4
  • 7.6.0
Fortinet FortiManager Cloud
  • Cloud 7.0.1 to 7.0.12
  • Cloud 7.2.1 to 7.2.7
  • Cloud 7.4.1 to 7.4.4
Fortinet FortiAnalyzerOld FortiAnalyzer models 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E with the following feature enabled:
  • config system global
  • set fmg-status enable
  • end
are also impacted by this vulnerability.

Fortinet FortiAnalyzerOld FortiAnalyzer models 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E with the following feature enabled:

  • config system global
  • set fmg-status enable
  • end
are also impacted by this vulnerability.

Threat details

Introduction

Fortinet has released a security advisory to address a critical vulnerability in FortiManager and FortiManager Cloud. FortiManager is a network monitoring application.

CVE-2024-48889 is an ‘OS Command Injection’ vulnerability with a CVSSv3 score of 7.2. A remote authenticated attacker could execute arbitrary code (ACE) or commands via FGFM crafted requests.

Remediation advice

Affected organisations are encouraged to review the FortiNet PSIRT FG-IR-24-425 and apply the relevant updates as soon as is practicable.

NOTE: Fortinet recommends using their Upgrade Path Tool to see the recommended upgrade path for a particular Fortinet product.

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-48889An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

Last edited: 19 December 2024 2:38 pm

Back to top