U.S. CISA Adds Fortinet FortiManager Flaw to Known Exploited Vulnerabilities Catalog

October 24, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a missing authentication vulnerability in Fortinet FortiManager, identified as CVE-2024-47575. This flaw, which has a CVSS v4 score of 9.8, allows attackers to execute arbitrary code or commands through specially crafted requests.

Fortinet's advisory explains that a 'missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.' The company confirmed that this vulnerability has been exploited in the wild, with attackers automating the exfiltration of various files from the FortiManager.

Fortinet says, however, that it has received no reports of malware or backdoors being deployed on compromised systems. The advisory states: 'At this stage, we have not received reports of any low-level system installations of malware or backdoors on these compromised FortiManager systems. To the best of our knowledge, there have been no indicators of modified databases, or connections and modifications to the managed devices.'

The vulnerability affects specific versions of FortiManager and FortiManager Cloud. In response, Fortinet has published Indicators of Compromise (IOCs) to help detect exploitation attempts, along with workarounds to mitigate the risk of attacks.

Under Binding Operational Directive (BOD) 22-01, federal agencies are required to address the identified vulnerabilities by November 13, 2024, to protect their networks. Experts recommend that private organizations also review the Catalog and address the vulnerabilities in their infrastructure.
