Thursday 24th October 2024
Summary
Yesterday, Fortinet disclosed a critical vulnerability in the FortiManager API. CVE-2024-47575 (CVSS v3: 9.8 [Critical]) is known to be exploited in attacks to exfiltrate sensitive files, which include credentials for managed devices, IP addresses, and configurations.
Fortinet began privately disclosing this vulnerability to customers on October 13th.
Fortinet’s security advisory says “A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests”.
According to BleepingComputer, “A source familiar with the attacks told BleepingComputer that the advisory is missing some critical information to exploit the bug: threat actors must first extract a valid certificate from any owned or compromised Fortinet devices, including FortiManager VM.”
Affected Products
Version | Affected | Solution |
---|---|---|
FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
FortiManager Cloud 7.6 | Not affected | Not Applicable |
FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
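
To apply the table above across an asset inventory, the following added example (not Fortinet's code or part of the advisory) classifies product/version pairs against the listed ranges. The host names and the inventory format are assumptions, and any branch or release the table does not cover is reported as "not listed" rather than assumed safe.

```python
import re

# Ranges transcribed from the Affected Products table above; last=None means all releases.
# (product, (major, minor)) -> (first affected patch, last affected patch, solution)
RANGES = {
    ("FortiManager", (7, 6)): (0, 0, "Upgrade to 7.6.1 or above"),
    ("FortiManager", (7, 4)): (0, 4, "Upgrade to 7.4.5 or above"),
    ("FortiManager", (7, 2)): (0, 7, "Upgrade to 7.2.8 or above"),
    ("FortiManager", (7, 0)): (0, 12, "Upgrade to 7.0.13 or above"),
    ("FortiManager", (6, 4)): (0, 14, "Upgrade to 6.4.15 or above"),
    ("FortiManager", (6, 2)): (0, 12, "Upgrade to 6.2.13 or above"),
    ("FortiManager Cloud", (7, 4)): (1, 4, "Upgrade to 7.4.5 or above"),
    ("FortiManager Cloud", (7, 2)): (1, 7, "Upgrade to 7.2.8 or above"),
    ("FortiManager Cloud", (7, 0)): (1, 12, "Upgrade to 7.0.13 or above"),
    ("FortiManager Cloud", (6, 4)): (0, None, "Migrate to a fixed release"),
}
NOT_AFFECTED = {("FortiManager Cloud", (7, 6))}

def check(product, version):
    """Return (status, advice) for one product/version pair."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return ("unknown", f"unparseable version: {version!r}")
    major, minor, patch = map(int, m.groups())
    key = (product, (major, minor))
    if key in NOT_AFFECTED:
        return ("not affected", "Not applicable")
    if key not in RANGES or patch < RANGES[key][0]:
        return ("not listed", "Not in the table; confirm against the vendor advisory")
    _, last, solution = RANGES[key]
    if last is None or patch <= last:
        return ("affected", solution)
    return ("fixed", "At or above the fixed release for this branch")

def triage(inventory):
    """Classify (host, product, version) rows and list affected hosts first."""
    rows = [(h, p, v, *check(p, v)) for h, p, v in inventory]
    return sorted(rows, key=lambda r: r[3] != "affected")

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = [
    ("fmg-lab.example.internal", "FortiManager", "7.6.1"),
    ("fmg-core.example.internal", "FortiManager", "7.2.7"),
    ("fmg-cloud.example.internal", "FortiManager Cloud", "6.4.3"),
    ("fmg-old.example.internal", "FortiManager", "v6.0"),
]
if __name__ == "__main__":
    print("\n".join(" | ".join(row) for row in triage(SAMPLE)))
```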