Fortinet FortiManager OS Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

An OS command injection vulnerability (CWE-78, improper neutralization of special elements used in an OS command) has been identified in Fortinet FortiManager. It affects FortiManager versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and 7.2.1 through 7.2.8, as well as FortiManager Cloud versions 7.6.0 through 7.6.1, 7.4.0 through 7.4.4 and 7.2.2 through 7.2.7. Because input carried in FGFM requests is not properly neutralized before it reaches an OS command, an authenticated remote attacker who can send crafted FGFM requests to the FortiManager can execute unauthorized code or commands on the appliance.
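The affected-version lists above are easy to misread in inventory work (the 7.4 ranges differ between FortiManager and FortiManager Cloud, and 7.2.x starts one release later on the cloud product). The following is an added example, not Fortinet's code or this page's original content: a small checker that parses FortiManager version strings and reports which hosts fall inside the ranges transcribed from the advisory text. The inventory at the bottom (hostnames and versions) is constructed for illustration.

```python
"""Check FortiManager / FortiManager Cloud version strings against the
affected-version ranges listed in this advisory.

Added example, not Fortinet's code. The ranges below are transcribed
from the advisory text; the sample inventory at the bottom is constructed.
"""
from __future__ import annotations

import re

# Affected ranges as (lowest affected, highest affected), inclusive,
# transcribed from the advisory text above.
AFFECTED = {
    "FortiManager": [((7, 6, 0), (7, 6, 1)),
                     ((7, 4, 0), (7, 4, 5)),
                     ((7, 2, 1), (7, 2, 8))],
    "FortiManager Cloud": [((7, 6, 0), (7, 6, 1)),
                           ((7, 4, 0), (7, 4, 4)),
                           ((7, 2, 2), (7, 2, 7))],
}

# Accepts 'v7.4.3', '7.4.3' and '7.4.3-build2571'; the build suffix is ignored.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn a FortiManager version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if the version falls inside any affected range listed for the product."""
    try:
        ranges = AFFECTED[product]
    except KeyError:
        raise ValueError(f"unknown product {product!r}") from None
    v = parse_version(version)
    # Tuple comparison is lexicographic, so (7, 4, 3) <= (7, 4, 5) works as expected.
    return any(lo <= v <= hi for lo, hi in ranges)


def triage(inventory):
    """Return the (name, product, version) entries that are in an affected range."""
    return [item for item in inventory if is_affected(item[1], item[2])]


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fmg-dc1", "FortiManager", "v7.4.3-build2571"),
    ("fmg-dc2", "FortiManager", "7.6.2"),
    ("fmg-lab", "FortiManager", "7.2.0"),
    ("fmg-cloud-eu", "FortiManager Cloud", "7.2.8"),
    ("fmg-cloud-us", "FortiManager Cloud", "7.4.4"),
]

if __name__ == "__main__":
    for name, product, version in triage(SAMPLE_INVENTORY):
        print(f"{name}: {product} {version} is in an affected range")
```

Note that a version outside the listed ranges (7.2.0, 7.2.9, 7.4.6 and so on) is reported as not affected only because this page lists no such version; the page also names no fixed releases, so confirm the upgrade target against the vendor advisory rather than inferring it from the ranges here.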

Impact

Successful exploitation gives the attacker code execution on the affected FortiManager instance. Because FortiManager is the central management plane that holds the configurations of every FortiGate it manages, code execution there is a path to the whole managed fleet, not just the appliance itself. The attack surface is the FGFM service that managed devices use to talk to FortiManager (TCP port 541), so exposure is greatest where that service is reachable from beyond the managed devices themselves; review which networks can reach it while planning the upgrade.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.