What is the severity of CVE-2024-48889?

CVE-2024-48889 has been classified as a high severity vulnerability due to the potential for remote code execution.

How do I fix CVE-2024-48889?

To mitigate CVE-2024-48889, upgrade FortiManager to the appropriate fixed version as specified by Fortinet.

What products are affected by CVE-2024-48889?

CVE-2024-48889 affects multiple versions of FortiManager, including those from 6.4.10 up to 7.6.1.

Can CVE-2024-48889 be exploited remotely?

Yes, CVE-2024-48889 can be exploited by an authenticated remote attacker through crafted FGFM requests.

What is the nature of the vulnerability in CVE-2024-48889?

CVE-2024-48889 is characterized as an OS Command Injection vulnerability, allowing unauthorized code execution.

Vulnerability/
CVE-2024-48889

high

7.2

CWE

78 77

18/12/2024

20/12/2024

CVE-2024-48889: OS command injection

First published: Wed Dec 18 2024(Updated: )

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiManager	=.
Fortinet FortiManager	>=7.4.0<=7.4.4
Fortinet FortiManager	>=7.4.1<=7.4.4
Fortinet FortiManager	>=7.2.3<=7.2.7
Fortinet FortiManager	>=7.2.1<=7.2.7
Fortinet FortiManager	>=7.0.5<=7.0.12
Fortinet FortiManager	>=7.0.1<=7.0.12
Fortinet FortiManager	>=6.4.10<=6.4.14

Remedy

Please upgrade to FortiManager version 7.6.1 or above Please upgrade to FortiManager version 7.4.5 or above Please upgrade to FortiManager version 7.2.8 or above Please upgrade to FortiManager version 7.0.13 or above Please upgrade to FortiManager version 6.4.15 or above Please upgrade to FortiManager Cloud version 7.6.2 or above Please upgrade to FortiManager Cloud version 7.4.5 or above Please upgrade to FortiManager Cloud version 7.2.8 or above Please upgrade to FortiManager Cloud version 7.0.13 or above

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-48889?
CVE-2024-48889 has been classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2024-48889?
To mitigate CVE-2024-48889, upgrade FortiManager to the appropriate fixed version as specified by Fortinet.
What products are affected by CVE-2024-48889?
CVE-2024-48889 affects multiple versions of FortiManager, including those from 6.4.10 up to 7.6.1.
Can CVE-2024-48889 be exploited remotely?
Yes, CVE-2024-48889 can be exploited by an authenticated remote attacker through crafted FGFM requests.
What is the nature of the vulnerability in CVE-2024-48889?
CVE-2024-48889 is characterized as an OS Command Injection vulnerability, allowing unauthorized code execution.

agent/weakness
agent/remedy
agent/type
agent/author
collector/nvd-api
source/NVD
agent/first-publish-date
agent/severity
agent/references
agent/title
agent/softwarecombine
agent/description
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-48889
agent/event
agent/trending
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortimanager
version/fortinet fortimanager/.
version/fortinet fortimanager/7.4.0
version/fortinet fortimanager/7.4.4
version/fortinet fortimanager/7.4.1
version/fortinet fortimanager/7.2.3
version/fortinet fortimanager/7.2.7
version/fortinet fortimanager/7.2.1
version/fortinet fortimanager/7.0.5
version/fortinet fortimanager/7.0.12
version/fortinet fortimanager/7.0.1
version/fortinet fortimanager/6.4.10
version/fortinet fortimanager/6.4.14