Red Hot Cyber
Cybersecurity is about sharing.
Recognize the risk, combat it, share your experiences,
and encourage others to do better than you.
Menu
Redazione RHC : 24 October 2024 08:56
Recently, Fortinet disclosed a critical vulnerability, identified as CVE-2024-47575, affecting FortiManager.
This is a missing authentication vulnerability for critical functions [CWE-306] in the FortiManager fgfmd daemon, which could allow an unauthenticated remote attacker to execute arbitrary code or commands via specially crafted requests.
With a CVSS score of 9.8, this flaw poses a significant threat to organisations using these systems.
| Version | Affected | Solution |
|---|---|---|
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
Acquista il corso Dark Web & Cyber Threat Intelligence (e-learning version)
Il Dark Web e la Cyber Threat Intelligence rappresentano aree critiche per comprendere le minacce informatiche moderne. Tra ransomware, data breach e attività illecite, le organizzazioni devono affrontare sfide sempre più complesse per proteggere i propri dati e le infrastrutture. Il nostro corso “Dark Web & Cyber Threat Intelligence” ti guiderà attraverso i meccanismi e le strategie utilizzate dai criminali informatici, fornendoti competenze pratiche per monitorare, analizzare e anticipare le minacce.
Accedi alla pagina del corso condotto dall'Prof. Pietro Melillo sulla nostra Academy e segui l'anteprima gratuita.
Per un periodo limitato, potrai utilizzare il COUPON CTI-16253 che ti
darà diritto ad uno sconto del 20% sul prezzo di copertina del corso
Per ulteriori informazioni, scrivici ad [email protected] oppure scrivici su Whatsapp al 379 163 8765.
Supporta RHC attraverso:
Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.
According to the Fortinet bulletin, this vulnerability appears to have been actively exploited by malicious actors. The Fortinet bulletin also contains specific IoC compromise indicators.
Fortinet has released security updates to mitigate this vulnerability. Users are strongly encouraged to upgrade to patched versions of FortiMamnager to reduce the risk of exploitation. Updates are critical not only to fix known vulnerabilities, but also to ensure continued protection against future threats.
In addition to updates, Fortinet recommends closely monitoring system logs as this flaw is under active exploitation. Careful analysis can help detect suspicious activity that could indicate an attempt to exploit the vulnerability.
It is crucial that companies understand the importance of keeping their systems up-to-date and taking proactive measures to prevent cyber attacks. Vulnerability management must be an integral part of any organisation’s cyber security strategy, considering the ever-changing threat landscape.
Finally, Fortinet has created a dedicated vulnerability page where users can find further details and useful resources. For more information, you can visit the FortiGuard website here.
Redazione