First published: Tue Jan 14 2025
An improper neutralization of special elements used in a command ('command injection') vulnerability in Fortinet FortiManager versions 7.4.1 through 7.4.3 and FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiManager Cloud | >=7.4.1, <=7.4.3 | Please upgrade to FortiManager Cloud version 7.4.4 or above |
Fortinet FortiManager | >=7.4.1, <=7.4.3 | Please upgrade to FortiManager version 7.6.0 or above, or to FortiManager version 7.4.4 or above |
CVE-2024-46662 is classified as a critical vulnerability due to its potential for unauthorized command execution.
To remediate CVE-2024-46662, update FortiManager or FortiManager Cloud to version 7.4.4 or later.
CVE-2024-46662 affects Fortinet FortiManager and Fortinet FortiManager Cloud versions between 7.4.1 and 7.4.3.
Yes, CVE-2024-46662 can be exploited by an authenticated attacker through specially crafted packets.
CVE-2024-46662 involves an improper neutralization of special elements used in an operating system command, aligning with CWE-78.