Introduction
A critical vulnerability, CVE-2024-47575, is currently being actively exploited in zero-day attacks, making it an immediate and severe threat. This flaw in Fortinet's FortiManager platform, used to manage Fortinet security appliances, allows attackers to gain full administrative control of affected systems. With a CVSS Version 3.x score of 9.8, i.e. critical severity, urgent action is required to mitigate the danger it poses.
Details
Fortinet has disclosed that CVE-2024-47575 affects FortiManager, which is used by organisations to manage large-scale deployments of Fortinet devices such as firewalls and VPNs. This flaw stems from improper input validation, allowing an attacker to remotely execute arbitrary code and potentially take control of the entire system. Once exploited, the attacker could manipulate security configurations, exfiltrate data, or initiate further attacks on the broader network.
This vulnerability has already been observed in zero-day attacks, meaning cyber-criminals have actively exploited it before a patch was available. Systems that are exposed to the internet or have weak access controls are particularly vulnerable, increasing the risk of undetected attacks that could severely compromise an organisation’s security.
The flaw affects the following FortiManager versions:
| Version | Affected | Solution |
|---|---|---|
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
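Checking an estate of FortiManager instances against this table by hand is error-prone, so the following added example (written for this page, not Fortinet's code or anything from the vendor advisory) encodes the ranges above and classifies each installed build. The affected ranges are transcribed from the table; the function names, the `Assessment` fields and the inventory lines are constructed for illustration. The comparison is done on parsed numeric tuples rather than strings, so `7.0.12` sorts correctly against `7.0.13`, and the Cloud rows honour their non-zero lower bounds and the "all versions" row for Cloud 6.4.

```python
"""Classify FortiManager builds against the CVE-2024-47575 affected-version table.

Added example for this advisory, not vendor code. The ranges come from the
page's table; function and field names are my own.
"""
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, ...]


class Assessment(NamedTuple):
    affected: bool
    action: str


def parse_version(text: str) -> Version:
    """Turn '7.4.3' into (7, 4, 3); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


# (product, branch, first affected, last affected, fixed release), from the table.
#   first affected None -> branch not affected (FortiManager Cloud 7.6)
#   last affected None  -> every build in the branch ("6.4 all versions")
#   fixed release None  -> no fixed build in that branch; migrate off it
AFFECTED_TABLE = [
    ("FortiManager", "7.6", "7.6.0", "7.6.0", "7.6.1"),
    ("FortiManager", "7.4", "7.4.0", "7.4.4", "7.4.5"),
    ("FortiManager", "7.2", "7.2.0", "7.2.7", "7.2.8"),
    ("FortiManager", "7.0", "7.0.0", "7.0.12", "7.0.13"),
    ("FortiManager", "6.4", "6.4.0", "6.4.14", "6.4.15"),
    ("FortiManager", "6.2", "6.2.0", "6.2.12", "6.2.13"),
    ("FortiManager Cloud", "7.6", None, None, None),
    ("FortiManager Cloud", "7.4", "7.4.1", "7.4.4", "7.4.5"),
    ("FortiManager Cloud", "7.2", "7.2.1", "7.2.7", "7.2.8"),
    ("FortiManager Cloud", "7.0", "7.0.1", "7.0.12", "7.0.13"),
    ("FortiManager Cloud", "6.4", "6.4.0", None, None),
]


def assess(product: str, version: str) -> Assessment:
    """Classify one installed build, e.g. assess('FortiManager', '7.4.3')."""
    v = parse_version(version)
    if len(v) != 3:
        raise ValueError(f"FortiManager builds are major.minor.patch, got {version!r}")
    for prod, branch, first, last, fix in AFFECTED_TABLE:
        # Match the product line and the major.minor branch of this row.
        if prod != product or v[:2] != parse_version(branch):
            continue
        if first is None:
            return Assessment(False, "Not affected")
        if v < parse_version(first):
            return Assessment(False, "Below the listed affected range")
        if last is None or v <= parse_version(last):
            action = f"Upgrade to {fix} or above" if fix else "Migrate to a fixed release"
            return Assessment(True, action)
        return Assessment(False, "At or above the fixed release")
    return Assessment(False, "Branch not listed in the advisory table")


if __name__ == "__main__":
    # Constructed inventory lines (hostname,product,version), not real hosts.
    INVENTORY = """\
fmg-prod-01,FortiManager,7.4.3
fmg-prod-02,FortiManager,7.2.8
fmg-cloud-01,FortiManager Cloud,6.4.9
fmg-lab-01,FortiManager Cloud,7.6.0
"""
    for line in INVENTORY.splitlines():
        host, product, version = line.split(",")
        result = assess(product, version)
        flag = "AFFECTED" if result.affected else "ok"
        print(f"{host:14} {product:18} {version:8} {flag:8} {result.action}")
```

Feed it the product and version columns from whatever asset inventory you already keep; a build that lands in the "Branch not listed" case should be checked against the vendor advisory by hand rather than assumed safe, since the table only covers the branches Fortinet has assessed.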
Recommendations
To mitigate the risks associated with this vulnerability, organisations should take the following steps immediately:
- Perform a compromise assessment using the indicators of compromise (IoCs) provided in the vendor’s advisory.
- Keep an eye on the vendor’s advisory and, when a security update becomes available for your version, follow the recommended recovery steps to rebuild or reinitialise the device.
- Be sure to update credentials and any user-sensitive data before installing the latest version.
- If an update isn’t available for your version yet, apply the temporary mitigations provided by the vendor.
- Once the update is released, follow the vendor’s recovery process as previously mentioned.
- Engage in continuous monitoring and threat hunting to detect any malicious activity.
- A report on this vulnerability is available to assist organisations in identifying related threats: https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575
- If you suspect a compromise, please report the incident to the Cyber Security Centre using our reporting form.