What is the severity of FG-IR-24-220?

The vulnerability FG-IR-24-220 is classified as an OS Command Injection vulnerability, allowing authenticated privileged attackers to execute unauthorized commands.

How do I fix FG-IR-24-220?

To fix FG-IR-24-220, update to the appropriate version of FortiAnalyzer, FortiManager, or their cloud counterparts as specified in the advisory.

Who can exploit FG-IR-24-220?

The FG-IR-24-220 vulnerability can be exploited by authenticated privileged users.

What can an attacker achieve with FG-IR-24-220?

An attacker exploiting FG-IR-24-220 can execute unauthorized OS commands on the affected systems.

Vulnerability/
FG-IR-24-220

medium

6.8

CWE

77 78

11/2/2025

FG-IR-24-220: OS command injection in external connector

First published: Tue Feb 11 2025(Updated: )

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiAnalyzer, FortiManager, FortiAnalyzer BigData, FortiAnalyzer Cloud and FortiManager Cloud GUI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted HTTPS or HTTP requests.

Affected Software	Affected Version	How to fix
Fortinet FortiAnalyzer	>=7.4.0<=7.4.3
Fortinet FortiAnalyzer	>=7.2.0<=7.2.5
Fortinet FortiAnalyzer	>=7.0
Fortinet FortiAnalyzer	>=6.4
Fortinet FortiAnalyzer	>=6.2.2<=6.2.13
Fortinet FortiAnalyzer Cloud	>=7.4.1<=7.4.3
Fortinet FortiAnalyzer Cloud	>=7.2.1<=7.2.5
Fortinet FortiAnalyzer Cloud	>=7.0
Fortinet FortiAnalyzer Cloud	>=6.4
Fortinet FortiAnalyzer	=.
Fortinet FortiAnalyzer	>=7.2.0<=7.2.7
Fortinet FortiAnalyzer	>=7.0
Fortinet FortiAnalyzer	>=6.4
Fortinet FortiAnalyzer	>=6.2
Fortinet FortiManager	>=7.4.0<=7.4.3
Fortinet FortiManager	>=7.2.0<=7.2.5
Fortinet FortiManager	>=7.0
Fortinet FortiManager	>=6.4
Fortinet FortiManager	>=6.2.2<=6.2.13
Fortinet FortiManager Cloud	>=7.4.1<=7.4.3
Fortinet FortiManager Cloud	>=7.2.1<=7.2.5
Fortinet FortiManager Cloud	>=7.0
Fortinet FortiManager Cloud	>=6.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-24-220?
The vulnerability FG-IR-24-220 is classified as an OS Command Injection vulnerability, allowing authenticated privileged attackers to execute unauthorized commands.
How do I fix FG-IR-24-220?
To fix FG-IR-24-220, update to the appropriate version of FortiAnalyzer, FortiManager, or their cloud counterparts as specified in the advisory.
Which products are affected by FG-IR-24-220?
FG-IR-24-220 affects various versions of FortiAnalyzer, FortiManager, FortiAnalyzer BigData, FortiAnalyzer Cloud, and FortiManager Cloud.
Who can exploit FG-IR-24-220?
The FG-IR-24-220 vulnerability can be exploited by authenticated privileged users.
What can an attacker achieve with FG-IR-24-220?
An attacker exploiting FG-IR-24-220 can execute unauthorized OS commands on the affected systems.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-40584
agent/last-modified-date
agent/source
agent/type
agent/first-publish-date
agent/event
agent/severity
agent/title
agent/references
agent/weakness
agent/softwarecombine
agent/description
agent/tags
collector/fortiguard-psirt
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/fortinet
canonical/fortinet fortianalyzer
version/fortinet fortianalyzer/7.4.0
version/fortinet fortianalyzer/7.4.3
version/fortinet fortianalyzer/7.2.0
version/fortinet fortianalyzer/7.2.5
version/fortinet fortianalyzer/7.0
version/fortinet fortianalyzer/6.4
version/fortinet fortianalyzer/6.2.2
version/fortinet fortianalyzer/6.2.13
canonical/fortinet fortianalyzer cloud
version/fortinet fortianalyzer cloud/7.4.1
version/fortinet fortianalyzer cloud/7.4.3
version/fortinet fortianalyzer cloud/7.2.1
version/fortinet fortianalyzer cloud/7.2.5
version/fortinet fortianalyzer cloud/7.0
version/fortinet fortianalyzer cloud/6.4
version/fortinet fortianalyzer/.
version/fortinet fortianalyzer/7.2.7
version/fortinet fortianalyzer/6.2
canonical/fortinet fortimanager
version/fortinet fortimanager/7.4.0
version/fortinet fortimanager/7.4.3
version/fortinet fortimanager/7.2.0
version/fortinet fortimanager/7.2.5
version/fortinet fortimanager/7.0
version/fortinet fortimanager/6.4
version/fortinet fortimanager/6.2.2
version/fortinet fortimanager/6.2.13
canonical/fortinet fortimanager cloud
version/fortinet fortimanager cloud/7.4.1
version/fortinet fortimanager cloud/7.4.3
version/fortinet fortimanager cloud/7.2.1
version/fortinet fortimanager cloud/7.2.5
version/fortinet fortimanager cloud/7.0
version/fortinet fortimanager cloud/6.4

FG-IR-24-220: OS command injection in external connector

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-24-220?

How do I fix FG-IR-24-220?

Which products are affected by FG-IR-24-220?

Who can exploit FG-IR-24-220?

What can an attacker achieve with FG-IR-24-220?

Company

Resources

Contact