Executive Risk Summary
"A critical vulnerability in FortiManager allows attackers to execute arbitrary code or commands via specially crafted requests, potentially leading to unauthorized access and system compromise. Affected versions include FortiManager 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.7, 7.0.0-7.0.12, 6.4.0-6.4.14, and 6.2.0-6.2.12, as well as FortiManager Cloud versions."
Operational Audit Arsenal
Manual Verification Required
This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.
Patch Impact Forecast
Moderate to High
Internal Work Notes
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Scope of Impact
Original NVD Description
"A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."