Specially crafted requests can execute arbitrary code or commands in FortiManager
CVE-2024-47575
Key Information
- Vendor: Fortinet
- Status
- Fortimanager
- Vendor
- CVE Published: 23 October 2024
What is CVE-2024-47575?
CVE-2024-47575 is a serious security vulnerability affecting FortiManager, a centralized management solution for Fortinet security products, designed to streamline network security operations. This vulnerability arises from a lack of proper authentication for critical functions within FortiManager versions 6.2.0 to 7.6.0 and its cloud equivalents. If exploited, it could allow an attacker to execute arbitrary code or commands, posing a significant risk to the integrity and confidentiality of an organization's network security infrastructure.
Technical Details
The vulnerability occurs due to insufficient authentication mechanisms in specific versions of FortiManager. Attackers can send specially crafted requests that bypass security controls, enabling them to execute arbitrary commands on the affected systems. This flaw affects a range of FortiManager releases, making it critical for organizations using these versions to address the issue promptly. Successful exploitation could lead to severe compromises within their security environment.
Impact of the Vulnerability
- Arbitrary Code Execution: Attackers can execute any command of their choice, potentially taking full control of the affected system, which may lead to unauthorized access to sensitive data and configurations.
- Compromise of Network Security: Given FortiManager's role in managing numerous security devices, exploitation of this vulnerability could grant attackers the ability to manipulate security policies, disable protections, or deploy malicious configurations across an organization’s network.
- Increased Risk of Further Attacks: Exploiting this vulnerability could serve as a foothold for additional attacks, such as data theft, lateral movement within corporate networks, or the deployment of ransomware, thus escalating the overall impact on the organization.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-47575 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
FortiManager = 7.6.0
FortiManager <= 7.4.4
FortiManager <= 7.2.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Post Exploitation Activities on Fortinet Devices: A Network-Based Analysis | Darktrace Blog
This blog explores recent findings from Darktrace's Threat Research team on active exploitation campaigns targeting Fortinet appliances. This analysis focuses on the September 2024 exploitation of FortiManager via CVE-2024-47575, alongside related malicious activity observed in June 2024.
1 month ago
Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate appliances. As always, the op...
1 month ago
FortiManager May Still Be Vulnerable Despite FortiJump Patch
The FortiJump vulnerability in Fortinet FortiManager may not have been completely fixed by last month's patch. Users are urged to apply mitigations.
2 months ago
References
EPSS Score
88% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🔴 Public PoC available
- 🔥 Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- 😈 Used in Ransomware
- 👾 Exploit known to exist
- CISA Reported
- First article discovered by BleepingComputer
- Vulnerability published