Fortinet FortiManager Critical Vulnerability - 20241024001¶
Overview¶
The WA SOC has been made aware of a critical vulnerability in Fortinet FortiManager devices that is currently being actively exploited. A missing authentication for critical function vulnerability in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Reports have shown this vulnerability has been seen to be exploited in the wild
What is vulnerable?¶
Product(s) Affected | Affected Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
FortiManager | 7.6 - 7.6.0 7.4 - 7.4.4 7.2 - 7.2.7 7.0 - 7.0.12 6.4 - 6.4.14 6.2 - 6.2.12 |
CVE-2024-47575 | 9.8 | Critical |
Fortimanager Cloud | 7.4.1 - 7.4.4 7.2.1 - 7.2.7 7.0.1 - 7.0.12 all versions 6.4.x |
CVE-2024-47575 | 9.8 | Critical |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Fortinet has updated their security advisory addressing this vulnerability to include additional workarounds and indicators of compromise (IOCs).
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):
Other Information¶
Change Log¶
- 2024-10-24: Advisory initial creation.
- 2024-10-31: Update "What has been observed" with new information from vendor. Update "What is vulnerable" version information.