New Advisory: (Critical) FortiManager Zero-Day Exploitation

ⓘ This advisory addresses a zero-day vulnerability impacting FortiManager and FortiManager Cloud.

Attention constituent: 

A known, successfully exploited critical zero-day vulnerability (CVE-2024-47575) has been identified in Fortinet’s FortiManager and FortiManager Cloud platforms. This vulnerability stems from missing authentication in the FortiGate to FortiManager (FGFM) daemon (fgfmsd). Exploitation of this flaw allows remote, unauthenticated attackers to execute arbitrary code or commands via specially crafted requests.

CVE: CVE-2024-47575
Severity: Critical (CVSS: 9.8)
Affected Platforms: FortiManager and FortiManager Cloud

Versions impacted:

  • FortiManager 7.6.0
  • FortiManager 7.4.0 through 7.4.4
  • FortiManager 7.2.0 through 7.2.7
  • FortiManager 7.0.0 through 7.0.12
  • FortiManager 6.4.0 through 6.4.14
  • FortiManager 6.2.0 through 6.2.12
  • FortiManager Cloud 7.4.1 through 7.4.4
  • FortiManager Cloud 7.2 (all versions)
  • FortiManager Cloud 7.0 (all versions)
  • FortiManager Cloud 6.4 (all versions)
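
To triage an inventory against the list above, the following added example (not part of the original advisory or any Fortinet tooling) encodes the listed ranges and classifies each device. The `host,product,version` inventory format, the hostnames and the sample version strings are assumptions constructed for illustration.

```python
import re

# Affected ranges copied from the "Versions impacted" list in this advisory.
# (major, minor) -> inclusive (low_patch, high_patch); None = "all versions".
AFFECTED = {
    "FortiManager": {
        (7, 6): (0, 0), (7, 4): (0, 4), (7, 2): (0, 7),
        (7, 0): (0, 12), (6, 4): (0, 14), (6, 2): (0, 12),
    },
    "FortiManager Cloud": {
        (7, 4): (1, 4), (7, 2): None, (7, 0): None, (6, 4): None,
    },
}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")

def is_affected(product, version):
    """True/False per the advisory list; None if product or version is undecidable."""
    branches = AFFECTED.get(product.strip())
    m = _VERSION.match(version.strip())
    if branches is None or m is None:
        return None
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in branches:
        return False  # branch is not named in the advisory
    bounds = branches[branch]
    if bounds is None:
        return True  # advisory lists every version of this branch
    if m.group(3) is None:
        return None  # patch level is required to decide; report as unknown
    return bounds[0] <= int(m.group(3)) <= bounds[1]

def triage(inventory_lines):
    """Map hostname -> verdict for lines of the form 'host,product,version'."""
    labels = {True: "AFFECTED", False: "not listed", None: "UNKNOWN"}
    result = {}
    for line in inventory_lines:
        host, product, version = (field.strip() for field in line.split(","))
        result[host] = labels[is_affected(product, version)]
    return result

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = [
    "fmg-hq,FortiManager,v7.4.4-build0000", "fmg-dr,FortiManager,7.4.5",
    "fmg-cloud,FortiManager Cloud,7.2.9", "fmg-lab,FortiManager,7.2",
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

A verdict of "not listed" only means the version is absent from this advisory's list, and "UNKNOWN" entries need a manual check of the exact patch level.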

Consequences: Successful exploitation of this vulnerability can lead to unauthorised access and control over FortiManager devices. Attackers can view and modify configuration files, obtain sensitive information, and potentially manage other connected devices. This could result in significant security breaches, data exfiltration, and further lateral movement within the network.

Remediation
  1. Investigate: Conduct a forensic investigation to identify any signs of compromise.
  2. Patch: Apply the latest security updates or workarounds provided by Fortinet as soon as they are available. Monitor Fortinet’s advisory page for updates.
  3. Mitigate: Implement network segmentation to limit access to FortiManager devices and regularly review and update access controls and authentication mechanisms.

For further detailed information and updates, please refer to the following resources:

Best,

 
