CVE-2024-47575 is a critical zero-day vulnerability identified in Fortinetโs FortiManager, primarily due to missing authentication checks on a critical function in its fgfmd daemon. Rated with a CVSS score of 9.8, the flaw enables unauthenticated remote attackers to execute arbitrary code or commands on vulnerable devices through specially crafted requests. Fortinet has reported active exploitation of this vulnerability, which can lead to unauthorized data exfiltration, including sensitive information like FortiGate configurations, device metadata, and network-wide settings.
The vulnerability affects several FortiManager versions, including 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7.
Fortinet has released patches and recommends updating affected systems promptly. Additionally, they have provided mitigation strategies for those unable to upgrade immediately, such as restricting device connections and setting local policies.
To identify signs of compromise, users should monitor for unusual outbound traffic and rogue devices in FortiManagerโs database, as well as specific indicators in system logs and configurations. This vulnerability has also been linked to espionage activities, adding urgency to mitigation efforts.
See more details on: