Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems

Fortinet confirms zero-day exploits hitting critical (CVSS severity score 9.8/10) remote code execution bug in the FortiManager platform.

Fortinet vulnerability

Another critical Fortinet zero-day has been discovered being exploited in-the-wild.

The US government’s cybersecurity agency CISA on Wednesday called urgent attention to a critical vulnerability in Fortinet’s FortiManager platform and warned that remote hackers are already launching code execution exploits.

The security defect, tracked as CVE-2024-47575, is documented as a  “missing authentication for critical function vulnerability” in the FortiManager fgfmd daemon.

According to a critical-severity Fortinet advisory, the bug opens the door for remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. It carries a CVSS severity score of 9.8/10.

“Reports have shown this vulnerability to be exploited in the wild,” the company said. 

“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials and configurations of the managed devices,” Fortinet added.

Advertisement. Scroll to continue reading.

Fortinet said it has not received reports of any low-level system installations of malware or backdoors on compromised FortiManager systems. “To the best of our knowledge, there have been no indicators of modified databases, or connections and modifications to the managed devices,” the company said.

Fortinet urged users to upgrade immediately to fixed versions across multiple product lines, with patches available for versions 7.0, 7.2, 7.4, and 7.6 of FortiManager. 

The company also published IOCs and technical workarounds to limit exposure by implementing IP whitelists and enabling certificate-based authentication

Affected users are being pushed to to reset credentials and thoroughly audit logs for signs of unauthorized activity starting from the known compromise date.

Since 2002, there have been at least 8 documented Fortinet zero-days added to CISA’s KEV (Known Exploited Vulnerabilities) catalog. These include gaping holes in the FortiOS SSL-VPN, FortiOS and FortiOS sslvpnd.

FortiManager is an enterprise-facing product used in network management and security operations.

Related: Organizations Warned of Exploited Fortinet FortiOS Vulnerability

Related: Fortinet Patches Code Execution Vulnerability in FortiOS

Related: Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

Related: Fortinet Patches Critical Vulnerabilities Leading to Code Execution

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.