An OS Command Injection vulnerability (CWE-78) in FortiManager allows an authenticated remote attacker to execute unauthorized commands via crafted FGFM requests. This poses a significant security risk to affected systems.
Affected Versions
| Vulnerable Version | Fixed Version |
|---|---|
| FortiManager 7.6.0 | Upgrade to 7.6.1+ |
| FortiManager 7.4.0 - 7.4.4 | Upgrade to 7.4.5+ |
| FortiManager 7.2.3 - 7.2.7 | Upgrade to 7.2.8+ |
| FortiManager 7.0.5 - 7.0.12 | Upgrade to 7.0.13+ |
| FortiManager 6.4.10 - 6.4.14 | Upgrade to 6.4.15+ |
| FortiManager Cloud 7.4.1 - 7.4.4 | Upgrade to 7.4.5+ |
| FortiManager Cloud 7.2.1 - 7.2.7 | Upgrade to 7.2.8+ |
| FortiManager Cloud 7.0.1 - 7.0.12 | Upgrade to 7.0.13+ |
Old FortiAnalyzer models (1000E/F, 2000E, 3000E/F/G, 3500E/F/G, 3700F/G, 3900E) with fmg-status enabled are also affected.
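As an added example (not part of the advisory), a small Python triage helper that checks an inventory against the version ranges in the table above. It compares versions as integer tuples rather than strings, so 7.0.12 correctly sorts after 7.0.5; the host names are constructed, and the old FortiAnalyzer models are not modelled.

```python
# Added example: classify FortiManager builds against the affected ranges above.
# Ranges and fixed versions are copied from the advisory table; host names are made up.
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# (product, lowest affected, highest affected, first fixed build)
AFFECTED = [
    ("FortiManager", "7.6.0", "7.6.0", "7.6.1"),
    ("FortiManager", "7.4.0", "7.4.4", "7.4.5"),
    ("FortiManager", "7.2.3", "7.2.7", "7.2.8"),
    ("FortiManager", "7.0.5", "7.0.12", "7.0.13"),
    ("FortiManager", "6.4.10", "6.4.14", "6.4.15"),
    ("FortiManager Cloud", "7.4.1", "7.4.4", "7.4.5"),
    ("FortiManager Cloud", "7.2.1", "7.2.7", "7.2.8"),
    ("FortiManager Cloud", "7.0.1", "7.0.12", "7.0.13"),
]

def parse_version(text: str) -> Version:
    """Turn '7.0.12' into (7, 0, 12); tuples compare numerically, strings do not."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def check_version(product: str, version: str) -> Optional[str]:
    """Return the first fixed build if (product, version) is in an affected range, else None.

    Builds at or past the fix (e.g. 7.4.5) and branches the table does not list
    (e.g. 6.2.x) both return None: the advisory table is the only source of truth here.
    """
    v = parse_version(version)
    for prod, low, high, fixed in AFFECTED:
        if prod == product and parse_version(low) <= v <= parse_version(high):
            return fixed
    return None

def triage(inventory: List[Tuple[str, str, str]]) -> dict:
    """Map each (hostname, product, version) record to its required upgrade target, if any."""
    return {host: check_version(prod, ver) for host, prod, ver in inventory}

# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("fmg-dc1", "FortiManager", "7.0.12"),
    ("fmg-dc2", "FortiManager", "7.4.5"),
    ("fmg-cloud", "FortiManager Cloud", "7.2.1"),
    ("fmg-lab", "FortiManager", "6.2.9"),
]

if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'upgrade to ' + target + '+' if target else 'not in affected table'}")
```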
Solution
Recommendation: Upgrade to a fixed version as indicated above.
References:
Actions Required
Review Impact: Identify if your organization uses any affected versions.
Mitigation: Upgrade to the fixed version as per the table above.
Compliance: Ensure all actions comply with your organization's Change Management Policy.
Note: If your organization does not use the affected versions, you can disregard this message.
Greenwill Solution offers vulnerability assessment and patch management services to protect you from harm.