Threat: Critical
Audience:
IT Professionals and Managers
Purpose:
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The National Security Operations Centre (NSOC) is also available to provide additional assistance regarding the contents of this Alert to recipients as requested.
Overview:
A critical vulnerability, CVE-2024-47575, has been discovered in FortiManager, Fortinet's central management platform for FortiGate devices. This security flaw is caused by a missing authentication mechanism in the fgfmd daemon, which could allow unauthenticated attackers to execute arbitrary code on vulnerable systems. The vulnerability is actively being exploited in the wild, making it urgent to take immediate action.
Affected Products:
- FortiManager Versions:
  - 6.2.0 to 6.2.12
  - 6.4.0 to 6.4.14
  - 7.0.0 to 7.0.12
  - 7.2.0 to 7.2.7
  - 7.4.0 to 7.4.4
  - 7.6.0
- FortiManager Cloud Versions:
  - 6.4 (all versions)
  - 7.0.1 to 7.0.12
  - 7.2.1 to 7.2.7
  - 7.4.1 to 7.4.4
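
To triage an asset inventory against the ranges listed above, the following added example (not part of the original Alert and not Fortinet code) flags versions that fall inside them. The host names, the version-string format and the sample inventory are constructed assumptions; a "not listed" result means only that the version is outside the ranges in this Alert, since the Alert does not list fixed versions.

```python
import re

# Affected ranges copied from the "Affected Products" list in this Alert.
# Key = (major, minor); value = inclusive patch range, None = all versions.
AFFECTED = {
    "FortiManager": {(6, 2): (0, 12), (6, 4): (0, 14), (7, 0): (0, 12),
                     (7, 2): (0, 7), (7, 4): (0, 4), (7, 6): (0, 0)},
    "FortiManager Cloud": {(6, 4): None, (7, 0): (1, 12), (7, 2): (1, 7), (7, 4): (1, 4)},
}

def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v7.2.5-build1234'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(product, version):
    """True if the version falls inside a range listed in the Alert."""
    major, minor, patch = parse_version(version)
    ranges = AFFECTED[product]  # KeyError for a product the Alert does not cover
    if (major, minor) not in ranges:
        return False
    bounds = ranges[(major, minor)]
    return bounds is None or bounds[0] <= patch <= bounds[1]

def triage(inventory):
    """Map each (host, product, version) row to a status string."""
    report = {}
    for host, product, version in inventory:
        try:
            report[host] = "AFFECTED" if is_affected(product, version) else "not listed"
        except (ValueError, KeyError):
            # Unparseable version or unknown product: never assume it is safe.
            report[host] = "UNKNOWN: check manually"
    return report

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("fmg-dc1", "FortiManager", "v7.2.5-build1234"),
    ("fmg-lab", "FortiManager", "7.6.1"),
    ("fmg-cloud", "FortiManager Cloud", "7.0.0"),
    ("fmg-old", "FortiManager Cloud", "6.4.9"),
    ("fmg-bad", "FortiManager", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```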
Recommendations:
- Apply Patches Immediately:
  Fortinet has released patches addressing this vulnerability. Ensure that all affected FortiManager and FortiManager Cloud systems are updated to the latest available version as soon as possible.
- Review Logs and Monitor for Suspicious Activity:
  If your systems are running affected versions, review logs for any suspicious activities or indications of exploitation attempts.
- Disable Unnecessary Access:
  Restrict access to FortiManager to trusted IPs and users until patching is applied.
- Consult Fortinet’s Official Advisory:
  For detailed guidance on patching and remediation steps, refer to the official Fortinet advisory.
For more information on CVE-2024-47575, refer to Fortinet’s official advisory.