Fortinet is in the news again with a critical flaw in FortiManager, its centralised management platform for FortiGate and other Fortinet devices. The flaw lets an unauthenticated remote attacker run code on unpatched systems and, because FortiManager holds the configuration of every device it manages, gives an attacker a foothold from which to move further into the network.
The vulnerability, tracked as CVE-2024-47575, has a CVSS score of 9.8 and, according to Fortinet’s advisory, is being actively exploited in the wild.
The root cause is a missing authentication check for a critical function in FortiManager’s fgfmd daemon, the service that speaks the FortiGate-to-FortiManager (FGFM) protocol between managed devices and the manager. A specially crafted request to this daemon can execute arbitrary code or commands on affected systems. The same daemon was the origin of another critical vulnerability we covered, which you can read about here for more details.
Why is this relevant to me?
FortiManager is widely used by organisations to manage their security infrastructure, including organisations that routinely collect and store your personal data with your consent. The implications of this vulnerability therefore extend beyond IT departments: a compromised management platform can expose the personal data and privacy of countless individuals.
Most data breaches originate from vulnerabilities in software and systems such as FortiManager. These weaknesses serve as gateways for cybercriminals, allowing unauthorised access to your information; industry studies regularly attribute over 80% of data breaches to intrusions that exploit them.
When a vulnerability like this one in FortiManager is left unaddressed, the consequences can be severe.
Mitigations
Fortinet’s advisory contains a table of affected and fixed versions to aid in patching this vulnerability.
Fortinet has also published Indicators of Compromise (IoCs) to help detect exploitation, recovery steps to follow if a system has been exploited, and several workarounds for systems that cannot be patched immediately; all of these are in the advisory, which can be found here. Check the IoCs before patching: applying the fix or a workaround closes the entry point but does not remove access an attacker has already gained, and FortiManager holds the configuration data of every device it manages.
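As an added example (not code from the original post or from Fortinet), here is a small Python triage script that applies the kind of check Fortinet’s IoCs call for: it parses FortiManager-style key=value event lines and flags device-manager events where a device was added with a serial not in your inventory, from an address outside your management network, or as an “unregistered” device. The log field names (`serial`, `srcip`, `operation`), the inventory, the management subnet and the sample log lines are all constructed assumptions for illustration; substitute the indicator strings, addresses and serials from Fortinet’s advisory before running it against real logs.

```python
"""Triage FortiManager event logs for unexpected device registrations.

Added example, not Fortinet's code. Assumes the key=value event format
FortiManager emits; the field names, inventory, networks and sample
lines below are constructed for illustration.
"""
import ipaddress
import re

# One key=value token; values may be double-quoted and contain commas or
# spaces, otherwise they run to the next comma or whitespace.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s,]+)')

# Constructed inventory: serials FortiManager is expected to manage and the
# networks their FGFM connections should originate from.
EXPECTED_SERIALS = {"FGT60FTK00000001", "FGT60FTK00000002"}
MANAGEMENT_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed sample log lines (not real FortiManager output).
SAMPLE_LOG = [
    'type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",'
    'user="admin",msg="Add device FGT60FTK00000001 succeeded",'
    'operation="Add device",serial="FGT60FTK00000001",srcip=10.10.5.20',
    'type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",'
    'user="device",msg="Unregistered device localhost add succeeded",'
    'operation="Add device",serial="FGT-UNKNOWN0000",srcip=203.0.113.7',
    'type=event,subtype=system,pri=information,msg="Admin login succeeded",'
    'user="admin",srcip=10.10.5.20',
    'type=event,subtype=dvm,pri=notice,msg="Edit device (FGT60FTK00000002)",'
    'operation="Edit device",serial="FGT60FTK00000002",srcip=10.10.5.21',
]


def parse_event(line: str) -> dict:
    """Parse one key=value event line into a dict, stripping value quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def is_management_source(ip: str) -> bool:
    """True if ip parses and falls inside one of the management networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MANAGEMENT_NETS)


def triage(lines):
    """Return (reasons, event) pairs for device-manager events worth a look.

    Only type=event/subtype=dvm records are inspected. A device add or
    registration is flagged if the serial is not in inventory or the source
    address is outside the management networks; any message mentioning an
    unregistered device is flagged regardless of operation.
    """
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("type") != "event" or ev.get("subtype") != "dvm":
            continue
        operation = ev.get("operation", "").lower()
        serial = ev.get("serial", "")
        src = ev.get("srcip", "")
        msg = ev.get("msg", "")
        reasons = []
        if "add" in operation or "register" in operation:
            if serial not in EXPECTED_SERIALS:
                reasons.append("unknown serial")
            if not is_management_source(src):
                reasons.append("source outside management network")
        if "unregistered" in msg.lower():
            reasons.append("unregistered device accepted")
        if reasons:
            findings.append((reasons, ev))
    return findings


if __name__ == "__main__":
    for reasons, ev in triage(SAMPLE_LOG):
        print(f"{ev.get('serial', '?')} from {ev.get('srcip', '?')}: "
              + "; ".join(reasons))
```

Feed it your exported FortiManager event logs one line at a time; anything it returns is a lead to compare against the advisory’s IoCs, not a confirmed compromise, and a clean result does not prove the absence of one.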