Vulnerability Details CVE-2024-50566
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 70.1%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2024-50566
-
cpe:2.3:a:fortinet:fortimanager:7.2.1
-
cpe:2.3:a:fortinet:fortimanager:7.2.2
-
cpe:2.3:a:fortinet:fortimanager:7.2.3
-
cpe:2.3:a:fortinet:fortimanager:7.2.4
-
cpe:2.3:a:fortinet:fortimanager:7.2.5
-
cpe:2.3:a:fortinet:fortimanager:7.2.6
-
cpe:2.3:a:fortinet:fortimanager:7.2.7
-
cpe:2.3:a:fortinet:fortimanager:7.2.8
-
cpe:2.3:a:fortinet:fortimanager:7.4.0
-
cpe:2.3:a:fortinet:fortimanager:7.4.1
-
cpe:2.3:a:fortinet:fortimanager:7.4.2
-
cpe:2.3:a:fortinet:fortimanager:7.4.3
-
cpe:2.3:a:fortinet:fortimanager:7.4.4
-
cpe:2.3:a:fortinet:fortimanager:7.4.5
-
cpe:2.3:a:fortinet:fortimanager:7.6.0
-
cpe:2.3:a:fortinet:fortimanager:7.6.1
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.2
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.3
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.4
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.5
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.6
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.2.7
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.0
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.1
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.2
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.3
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.4
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.6.0
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.6.1