CVE-2024-48889: 
Fortinet FortiManager vulnerability analysis and mitigation

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] was discovered in FortiManager and FortiManager Cloud. The vulnerability, identified as CVE-2024-48889, was initially published on December 18, 2024. It affects multiple versions of FortiManager (versions 6.4.10-6.4.14, 7.0.5-7.0.12, 7.2.3-7.2.7, 7.4.0-7.4.4, and 7.6.0) and FortiManager Cloud (versions 7.0.1-7.0.12, 7.2.1-7.2.7, and 7.4.1-7.4.4). Additionally, certain FortiAnalyzer models with specific configurations are also impacted (Fortiguard PSIRT).

The vulnerability is classified as a high-severity issue with a CVSSv3 score of 7.2. It specifically involves improper neutralization of special elements used in OS commands, which could be exploited through FGFM crafted requests. The vulnerability affects the GUI component of the FortiManager system (Fortiguard PSIRT, NVD).

If successfully exploited, this vulnerability allows an authenticated remote attacker to execute unauthorized code or commands on the affected systems. This could potentially lead to significant system compromise and unauthorized access to sensitive information (Fortiguard PSIRT).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to the following versions: FortiManager 7.6.1 or above for 7.6 branch, 7.4.5 or above for 7.4 branch, 7.2.8 or above for 7.2 branch, 7.0.13 or above for 7.0 branch, and 6.4.15 or above for 6.4 branch. FortiManager Cloud users should upgrade to versions 7.4.5 or above, 7.2.8 or above, or 7.0.13 or above depending on their current version (ASEC, Fortiguard PSIRT).