{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-50566", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-10-24T11:52:14.401Z", "datePublished": "2025-01-14T14:08:35.384Z", "dateUpdated": "2026-01-15T15:05:48.819Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiManager", "cpes": ["cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.6.0", "lessThanOrEqual": "7.6.1", "status": "affected"}, {"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.5", "status": "affected"}, {"versionType": "semver", "version": "7.2.1", "lessThanOrEqual": "7.2.8", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiManager Cloud", "cpes": ["cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.1", "lessThanOrEqual": "7.4.4", "status": "affected"}, {"versionType": "semver", "version": "7.2.2", "lessThanOrEqual": "7.2.7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-01-15T15:05:48.819Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiManager version 7.6.2 or above\nUpgrade to FortiManager version 7.4.6 or above\nUpgrade to FortiManager version 7.2.9 or above\nUpgrade to FortiManager Cloud version 7.6.2 or above\nUpgrade to FortiManager Cloud version 7.4.5 or above\nUpgrade to FortiManager Cloud version 7.2.8 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T15:16:49.654273Z", "id": "CVE-2024-50566", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T20:57:06.777Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50566", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-14T15:16:49.654273Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:16:51.009Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiManager", "versions": [{"status": "affected", "version": "7.6.0", "versionType": "semver", "lessThanOrEqual": "7.6.1"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.5"}, {"status": "affected", "version": "7.2.1", "versionType": "semver", "lessThanOrEqual": "7.2.8"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:fortinet:fortimanagercloud:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiManager Cloud", "versions": [{"status": "affected", "version": "7.4.1", "versionType": "semver", "lessThanOrEqual": "7.4.4"}, {"status": "affected", "version": "7.2.2", "versionType": "semver", "lessThanOrEqual": "7.2.7"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiManager version 7.6.2 or above\nUpgrade to FortiManager version 7.4.6 or above\nUpgrade to FortiManager version 7.2.9 or above\nUpgrade to FortiManager Cloud version 7.6.2 or above\nUpgrade to FortiManager Cloud version 7.4.5 or above\nUpgrade to FortiManager Cloud version 7.2.8 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463"}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-01-15T15:05:48.819Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50566", "state": "PUBLISHED", "dateUpdated": "2026-01-15T15:05:48.819Z", "dateReserved": "2024-10-24T11:52:14.401Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-01-14T14:08:35.384Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBA16B3B-9767-4B61-BA35-2DDF70D66D09", "versionEndExcluding": "7.2.9", "versionStartIncluding": "7.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "24796E3A-DDCB-4949-9080-5DCEEECF0B6C", "versionEndExcluding": "7.4.6", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "241A8930-4ADA-4380-AA42-F10B28487595", "versionEndExcluding": "7.6.2", "versionStartIncluding": "7.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "57B085BA-AF25-4EE9-8EC6-BD588F3C90CF", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FBDCAD3-019A-4F46-AB5D-448E525E4E94", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C4D647A-5EA1-4047-9E59-987FC8A74F0B", "versionEndExcluding": "7.6.2", "versionStartIncluding": "7.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4, FortiManager Cloud 7.2.2 through 7.2.7, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.1 through 7.2.8 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."}, {"lang": "es", "value": "Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Fortinet FortiManager versiones 7.6.0 a 7.6.1, versiones 7.4.5 a 7.4.0 y versiones 7.2.1 a 7.2.8, FortiManager Cloud versiones 7.6.0 a 7.6.1, versiones 7.4.0 a 7.4.4 y versiones 7.2.2 a 7.2.7 puede permitir que un atacante remoto autenticado ejecute c\u00f3digo no autorizado a trav\u00e9s de solicitudes FGFM manipuladas."}], "id": "CVE-2024-50566", "lastModified": "2026-01-14T13:16:09.377", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-14T14:15:33.650", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}

{}