Home > Security Bulletins > FortiManager API Critical Vulnerability – CVE-2024-47575

FortiManager API Critical Vulnerability – CVE-2024-47575

Thursday 24th October 2024

Summary

Yesterday, Fortinet disclosed a critical vulnerability in the FortiManager API. CVE-2024-47575 (CVSS v3: 9.8 [Critical]) is known to be exploited in attacks to exfiltrated sensitive files which include credentials for managed devices, IP address, and configurations.

Fortinet privately disclosed this vulnerability to customers from October 13th.

Fortinet’s security advisory says “A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests”.

According to BleepingComputer, “A source familiar with the attacks told BleepingComputer that the advisory is missing some critical information to exploit the bug: threat actors must first extract a valid certificate from any owned or compromised Fortinet devices, including FortiManager VM.”

Affected Products

Version Affected Solution
FortiManager 7.6 7.6.0 Upgrade to 7.6.1 or above
FortiManager 7.4 7.4.0 through 7.4.4 Upgrade to 7.4.5 or above
FortiManager 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiManager 7.0 7.0.0 through 7.0.12 Upgrade to 7.0.13 or above
FortiManager 6.4 6.4.0 through 6.4.14 Upgrade to 6.4.15 or above
FortiManager 6.2 6.2.0 through 6.2.12 Upgrade to 6.2.13 or above
FortiManager Cloud 7.6 Not affected Not Applicable
FortiManager Cloud 7.4 7.4.1 through 7.4.4 Upgrade to 7.4.5 or above
FortiManager Cloud 7.2 7.2.1 through 7.2.7 Upgrade to 7.2.8 or above
FortiManager Cloud 7.0 7.0.1 through 7.0.12 Upgrade to 7.0.13 or above
FortiManager Cloud 6.4 6.4 all versions Migrate to a fixed release