Unrated severityNVD Advisory· Published Mar 11, 2025· Updated Feb 26, 2026
CVE-2024-32123
CVE-2024-32123
Description
Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests.
Affected products
4cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*range: 7.4.0
- (no CPE)range: >=4.3.4, <=7.4.2
cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*range: 7.4.0
- (no CPE)range: >=4.3.4, <=7.4.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.