Source: Ministry of Education Information & Communication Security Contingency Platform
Publication Number | TACERT-ANA-2025031811033232 | Publication Time | 2025/03/18 11:29 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/03/18 11:29 |
Impact Level | Medium |
[Subject] 【Vulnerability Alert】 Operating System Command Vulnerability (CVE-2024-46662) in FortiManager by Fortinet

[Content] Forwarded from TWCERTCC-200-202503-00000008

FortiManager, Fortinet's multifunctional network security management product, provides a unified interface for centralized management and monitoring of networks. Fortinet has released an advisory about a significant security vulnerability in FortiManager (CVE-2024-46662, CVSS: 8.8). The vulnerability is caused by improper handling of special symbols in operating system commands, and it allows authenticated attackers to execute unauthorized commands through specially crafted packets.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
FortiManager Cloud versions 7.4.1 to 7.4.3
FortiManager versions 7.4.1 to 7.4.3

[Recommended Actions] Update to the following versions:
FortiManager Cloud 7.4.4 or later
FortiManager 7.4.4 or later

[Reference]
1. Fortinet FortiManager Operating System Command Vulnerability (CVE-2024-46662): https://www.twcert.org.tw/tw/cp-169-10017-7cc51-1.html
2. Command Injection in csfd Daemon: https://fortiguard.fortinet.com/psirt/FG-IR-24-222
3. CVE-2024-46662: https://nvd.nist.gov/vuln/detail/CVE-2024-46662
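
A triage check for the affected range and fixed release listed in this alert, added here as an example (not code from TACERT, TWCERT/CC or Fortinet). The inventory format, hostnames, build suffix and version-string pattern are assumptions; a version string that does not parse is flagged for manual review instead of being treated as safe.

```python
import re

# Affected ranges (inclusive) and fixed release, as listed in this advisory.
AFFECTED = {"FortiManager": ((7, 4, 1), (7, 4, 3)),
            "FortiManager Cloud": ((7, 4, 1), (7, 4, 3))}
FIXED = (7, 4, 4)
# Assumed version format: optional "v", three numeric parts, optional build suffix.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-\s].*)?$")

def parse_version(text):
    """Return (major, minor, patch), or None if not a three-part version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(product, version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one asset."""
    bounds = AFFECTED.get(product.strip())
    if bounds is None:
        return "not-listed"          # product is not named in the advisory
    version = parse_version(version_text)
    if version is None:
        return "unparsed"            # review by hand; never assume safe
    if version >= FIXED:
        return "fixed"               # 7.4.4 or later
    low, high = bounds
    return "affected" if low <= version <= high else "not-listed"

def triage(inventory_text):
    """Parse 'host,product,version' lines into {host: status}."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, product, version = (f.strip() for f in line.split(",", 2))
        results[host] = classify(product, version)
    return results

# Constructed sample inventory; hostnames and build number are hypothetical.
SAMPLE = """\
# host,product,version
fmg-hq,FortiManager,v7.4.2-build2397
fmg-lab,FortiManager,7.4.4
fmg-cloud,FortiManager Cloud,7.4.1
fmg-old,FortiManager,7.41
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Releases below 7.4.1 are reported as "not-listed" because this alert does not state their status.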