Fortinet Product Security Update Advisory (CVE-2024-48889)

Dec 23 2024

Overview

An update has been released to address vulnerabilities in Fortinet Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-48889

FortiManager version: 7.6.0
FortiManager versions: 7.4.0 (inclusive) ~ 7.4.4 (inclusive)
FortiManager versions: 7.2.3 (inclusive) ~ 7.2.7 (inclusive)
FortiManager versions: 7.0.5 (inclusive) ~ 7.0.12 (inclusive)
FortiManager versions: 6.4.10 (inclusive) ~ 6.4.14(inclusive)

FortiManager Cloud versions: 7.4.1 (inclusive) ~ 7.4.4 (inclusive)
FortiManager Cloud versions: 7.2.1 (inclusive) ~ 7.2.7 (inclusive)
FortiManager Cloud versions: 7.0.1 (inclusive) ~ 7.0.12 (inclusive)

Resolved Vulnerabilities

OS Command Injection Vulnerability in Fortinet’s FortiManager, FortiManager Cloud (CVE-2024-48889)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-48889

FortiManager version: 7.6.1 or later version
FortiManager version: 7.4.5 or later version
FortiManager version: 7.2.8 or later version
FortiManager version: 7.0.13 or later version
FortiManager version: 6.4.15 or later version

FortiManager Cloud version: 7.4.5 or later version
FortiManager Cloud version: 7.2.8 or later version
FortiManager Cloud version: 7.0.13 or later version

Referenced Sites

[1] CVE-2024-48889 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-48889

[2] OS command injection

https://fortiguard.fortinet.com/psirt/FG-IR-24-425

Fortinet Product Security Update Advisory (CVE-2024-48889)

Google Chrome Browser (131.0.6778.204/.205) Security Update Advisory

Microsoft Edge browser (131.0.2903.112) Version Security Update Advisory

Tags:

Google Chrome Browser (131.0.6778.204/.205) Security Update Advisory

Microsoft Edge browser (131.0.2903.112) Version Security Update Advisory