Severity Level: Critical
Title:
Fortinet FortiManager Critical Zero Day Vulnerability
Summary:
A critical vulnerability (CVE-2024-47575) in Fortinet's FortiManager API has been disclosed and is actively exploited in the wild. This flaw allows unauthenticated remote attackers to execute arbitrary code or commands, potentially leading to data theft and network compromise. The vulnerability affects multiple versions of FortiManager, including both on-premises and cloud deployments.
Key points:
• CVE-2024-47575 has a CVSS score of 9.8 out of 10
• Attackers have exploited this flaw to steal sensitive data, including device configurations, IP addresses, and credentials
• The vulnerability impacts FortiManager versions 6.2.x through 7.6.0
• Fortinet has released patches for some affected versions and provided mitigation strategies Vulnerability Details:
• CVE-2024-47575 is an authentication bypass vulnerability in the FortiManager fgfmd daemon.
It allows unauthenticated attackers to execute arbitrary code or commands through specially crafted requests.
• Attackers must first obtain a valid certificate from a compromised or owned Fortinet device.
They can then connect to exposed FortiManager servers and exploit the vulnerability in the FGFM API to bypass authentication and execute commands
Recommendation:
Update Immediately:
Upgrade to the latest patched version of FortiManager as soon as possible.
• Apply Mitigations: If immediate patching is not feasible, implement the recommended mitigations.
• Monitor for Indicators of Compromise: Check for unauthorized "localhost" devices in the Unregistered Devices section and review logs for suspicious API commands.
• Enhance Network Segmentation: Isolate FortiManager instances from direct internet access where possible.
References:
click here