
FortiManager Zero-Day Vulnerability (CVE-2024-47575)

October 23, 2024

THE THREAT

On October 23rd, Fortinet disclosed an actively exploited critical zero-day vulnerability impacting multiple versions of FortiManager. The vulnerability, tracked as CVE-2024-47575 (CVSS: 9.8), is due to missing authentication for a function in the FortiManager fgfmd daemon. Exploitation would allow a remote, unauthenticated threat actor to execute arbitrary code or commands via specially crafted requests. At this time, real-world attacks are reported to have resulted in the theft of sensitive files that contain IPs, credentials, and configuration details.

As exploitation has been confirmed, it is critical that organizations using FortiManager apply the relevant security patches or alternative mitigations immediately.

What we’re doing about it

What you should do about it

Additional information

eSentire was alerted to this vulnerability via a private information sharing partner on October 18th, allowing for proactive threat hunts and blocking of malicious infrastructure prior to public disclosure of CVE-2024-47575. Details on real-world exploitation are currently minimal. The eSentire Threat Response Unit (TRU) will continue tracking this vulnerability for additional details and detection opportunities.

| Version | Impacted | Fixed Version |
|---|---|---|
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
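
The version table above can be applied to an asset inventory with a short script. The following is an added example, not code from eSentire or Fortinet: the ranges are copied from the table, while the hostnames, the inventory rows and the accepted version-string format (optional "v" prefix and build suffix) are assumptions made for illustration.

```python
import re

# Ranges copied from the advisory table: (first impacted, last impacted, first fixed).
# None means every release on the branch is impacted and no in-branch fix is listed.
TABLE = {
    ("FortiManager", "7.6"): ("7.6.0", "7.6.0", "7.6.1"),
    ("FortiManager", "7.4"): ("7.4.0", "7.4.4", "7.4.5"),
    ("FortiManager", "7.2"): ("7.2.0", "7.2.7", "7.2.8"),
    ("FortiManager", "7.0"): ("7.0.0", "7.0.12", "7.0.13"),
    ("FortiManager", "6.4"): ("6.4.0", "6.4.14", "6.4.15"),
    ("FortiManager", "6.2"): ("6.2.0", "6.2.12", "6.2.13"),
    ("FortiManager Cloud", "7.4"): ("7.4.1", "7.4.4", "7.4.5"),
    ("FortiManager Cloud", "7.2"): ("7.2.1", "7.2.7", "7.2.8"),
    ("FortiManager Cloud", "7.0"): ("7.0.1", "7.0.12", "7.0.13"),
    ("FortiManager Cloud", "6.4"): (None, None, None),
}

def parse(version):
    """Return (major, minor, patch); a 'v' prefix and build suffix are tolerated (assumed format)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g) for g in m.groups())

def triage(product, version):
    """Classify one host as AFFECTED, FIXED or NOT_LISTED, with the action from the table."""
    v = parse(version)
    entry = TABLE.get((product, f"{v[0]}.{v[1]}"))
    if entry is None:
        return ("NOT_LISTED", "branch is not in the table")
    first, last, fixed = entry
    if fixed is None:
        return ("AFFECTED", "migrate to a fixed release")
    # Compare as integer tuples: as plain strings, "7.0.9" sorts after "7.0.12".
    if v >= parse(fixed):
        return ("FIXED", "none")
    if parse(first) <= v <= parse(last):
        return ("AFFECTED", f"upgrade to {fixed} or above")
    return ("NOT_LISTED", "version is outside the impacted range")

if __name__ == "__main__":
    # Constructed inventory rows (hostnames and versions are made up).
    inventory = [("fmg-dc1", "FortiManager", "7.0.9"),
                 ("fmg-dc2", "FortiManager", "v7.4.5-build0000"),
                 ("fmg-cloud", "FortiManager Cloud", "6.4.3")]
    for host, product, version in inventory:
        status, action = triage(product, version)
        print(f"{host:10} {product:20} {version:18} {status:11} {action}")
```

A NOT_LISTED result only means the table does not cover that branch or version; it is not a statement that the release is safe.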

