Latest FortiManager vulnerability #

Fortinet has issued an advisory for its Fortinet FortiManager product. The vendor confirms that this vulnerability is being actively exploited in the wild.

This vulnerability has been designated CVE-2024-47575 and has been assigned a CVSS score of 9.8 (extremely critical).

Note that this vulnerability is the same one discussed in an earlier version of this blog post, prior to vendor confirmation.

What is the impact? #

The vulnerability would allow remote code execution by an attacker with upon connection to a FortiManager instance. Attackers need to have a valid Fortinet device certificate, but this certificate can be obtained from an existing Fortinet device and reused.

Successful exploitation of this attack is reported to allow remote code execution, potentially leading to total compromise of the vulnerable system.

The vendor has released a list of indicators of compromise (IOCs); users are encouraged to use this list to determine if a system has been successfully attacked.

Are updates or workarounds available? #

The vendor has released updates and mitigation strategies to address this issue, and the vendor advises users to update as quickly as possible. Mitigation strategies include disabling the affected service and denying registration to systems with unknown serial numbers.

How to find potentially vulnerable systems with runZero #

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hw:FortiManager

Written by Rob King

Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

More about Rob King
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Rapid Response
How to find Cisco NX-OS assets on your network
Cisco has released an advisory for a vulnerability found within their NX-OS software. Here's how to find affected assets.
Rapid Response
How to find Citrix Virtual Apps and Desktops software on your network
Citrix has released an advisory for two vulnerabilities affecting Citrix Virtual Apps and Desktops software.
Rapid Response
How to find SolarWinds Web Help Desk services on your network
CISA has announced that CVE-2024-28987 is actively being exploited in SolarWinds' Web Help Desk software. Here's how to find potentially affected...
Rapid Response
How to find SuperMicro BMCs
Supermicro released a vulnerability advisory for a critical CVE that allows for remote code execution (CVE-2024-36435). Here's how to find impacted...

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved