Fortinet FortiAnalyzer/Manager CLI Command Injection Vulnerability (CVE-2024-32118) Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: OS command injection in CLI command 2. Vulnerability ID: FG-IR-24-116 3. Release Date: November 12, 2024 4. Component: CLI 5. Severity: Medium 6. CVSSv3 Score: 6.3 7. Impact: Execution of unauthorized code or commands 8. CVE ID: CVE-2024-32118 9. Remediation: - FortiAnalyzer 7.4: Upgrade to 7.4.3 or later - FortiAnalyzer 7.2: Upgrade to 7.2.6 or later - FortiAnalyzer 7.0: Migrate to a fixed version - FortiAnalyzer 6.4: Migrate to a fixed version - FortiAnalyzer 6.2: Migrate to a fixed version - FortiAnalyzer-BigData 7.4: Upgrade to 7.4.1 or later - FortiAnalyzer-BigData 7.2: Upgrade to 7.2.8 or later - FortiAnalyzer-BigData 7.0: Migrate to a fixed version - FortiAnalyzer-BigData 6.4: Migrate to a fixed version - FortiAnalyzer-BigData 6.2: Migrate to a fixed version - FortiManager 7.4: Upgrade to 7.4.3 or later - FortiManager 7.2: Upgrade to 7.2.6 or later - FortiManager 7.0: Migrate to a fixed version - FortiManager 6.4: Migrate to a fixed version - FortiManager 6.2: Migrate to a fixed version 10. Discovery and Reporting: Internally discovered and reported by Théo Leleu from the Fortinet Product Security Team. 11. Initial Release Date: November 12, 2024 This information provides a detailed description of the vulnerability, its scope of impact, and the recommended remediation steps.

Goal Reached Thanks to every supporter — we hit 100%!

Fortinet FortiAnalyzer/Manager CLI Command Injection Vulnerability (CVE-2024-32118) Advisory