Specially crafted requests can execute arbitrary code or commands in FortiManager
Key Information
- Vendor: Fortinet
- Status
- FortiManager
- Vendor
- CVE Published: 23 October 2024
Summary
A critical vulnerability in Fortinet's FortiManager tool, identified as CVE-2024-47575, has been actively exploited by an unknown threat actor tracked as UNC5820, impacting over 50 systems across various industries. The vulnerability, rated 9.8 out of 10 on the CVSS scale, allows remote attackers to execute arbitrary code or commands by exploiting missing authentication for a critical function in the FortiManager software. The attacker used this flaw to gain unauthorized access and steal sensitive information from compromised FortiManager devices, including configuration data, usernames, and passwords. While no follow-on attacks have been observed to date, the potential impact of this exploitation is severe, considering the widespread use of FortiGate devices for protecting critical infrastructure and data in enterprise environments. Fortinet has released a patch and urges organizations to apply the update, review access logs for suspicious activity, and implement network segmentation and continuous monitoring as mitigation measures.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-47575 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
FortiManager = 7.6.0
FortiManager <= 7.4.4
FortiManager <= 7.2.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Post Exploitation Activities on Fortinet Devices: A Network-Based Analysis | Darktrace Blog
This blog explores recent findings from Darktrace's Threat Research team on active exploitation campaigns targeting Fortinet appliances. This analysis focuses on the September 2024 exploitation of FortiManager via CVE-2024-47575, alongside related malicious activity observed in June 2024.
4 days ago
Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate appliances. As always, the op...
6 days ago
FortiManager May Still Be Vulnerable Despite FortiJump Patch
The FortiJump vulnerability in Fortinet FortiManager may not have been completely fixed by last month's patch. Users are urged to apply mitigations.
2 weeks ago
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾 Exploit exists.
- Vulnerability started trending.
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- Risk change from: null to: 9.8 - (CRITICAL)
- First article discovered by BleepingComputer
- Vulnerability published.