Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search

Fortinet Issues Bulletin for Critical 9.8 Bug on FortiManager under Active Exploitation

Redazione RHC : 24 October 2024 08:56

Recently, Fortinet disclosed a critical vulnerability, identified as CVE-2024-47575, affecting FortiManager.

This is a missing authentication vulnerability for critical functions [CWE-306] in the FortiManager fgfmd daemon, which could allow an unauthenticated remote attacker to execute arbitrary code or commands via specially crafted requests.

With a CVSS score of 9.8, this flaw poses a significant threat to organisations using these systems.

VersionAffectedSolution
FortiManager 7.67.6.0Upgrade to 7.6.1 or above
FortiManager 7.47.4.0 through 7.4.4Upgrade to 7.4.5 or above
FortiManager 7.27.2.0 through 7.2.7Upgrade to 7.2.8 or above
FortiManager 7.07.0.0 through 7.0.12Upgrade to 7.0.13 or above
FortiManager 6.46.4.0 through 6.4.14Upgrade to 6.4.15 or above
FortiManager 6.26.2.0 through 6.2.12Upgrade to 6.2.13 or above
FortiManager Cloud 7.6Not affectedNot Applicable
FortiManager Cloud 7.47.4.1 through 7.4.4Upgrade to 7.4.5 or above
FortiManager Cloud 7.27.2.1 through 7.2.7Upgrade to 7.2.8 or above
FortiManager Cloud 7.07.0.1 through 7.0.12Upgrade to 7.0.13 or above
FortiManager Cloud 6.46.4 all versionsMigrate to a fixed release

Iscriviti GRATIS ai WorkShop Hands-On della RHC Conference 2025 (Giovedì 8 maggio 2025)

Il giorno giovedì 8 maggio 2025 presso il teatro Italia di Roma (a due passi dalla stazione termini e dalla metro B di Piazza Bologna), si terranno i workshop "hands-on", creati per far avvicinare i ragazzi (o persone di qualsiasi età) alla sicurezza informatica e alla tecnologia. Questo anno i workshop saranno:

  • Creare Un Sistema Ai Di Visual Object Tracking (Hands on)
  • Social Engineering 2.0: Alla Scoperta Delle Minacce DeepFake
  • Doxing Con Langflow: Stiamo Costruendo La Fine Della Privacy?
  • Come Hackerare Un Sito WordPress (Hands on)
  • Il Cyberbullismo Tra Virtuale E Reale
  • Come Entrare Nel Dark Web In Sicurezza (Hands on)

  • Potete iscrivervi gratuitamente all'evento, che è stato creato per poter ispirare i ragazzi verso la sicurezza informatica e la tecnologia.
    Per ulteriori informazioni, scrivi a [email protected] oppure su Whatsapp al 379 163 8765


    Supporta RHC attraverso:


    Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.

    According to the Fortinet bulletin, this vulnerability appears to have been actively exploited by malicious actors. The Fortinet bulletin also contains specific IoC compromise indicators.

    Fortinet has released security updates to mitigate this vulnerability. Users are strongly encouraged to upgrade to patched versions of FortiMamnager to reduce the risk of exploitation. Updates are critical not only to fix known vulnerabilities, but also to ensure continued protection against future threats.

    In addition to updates, Fortinet recommends closely monitoring system logs as this flaw is under active exploitation. Careful analysis can help detect suspicious activity that could indicate an attempt to exploit the vulnerability.

    It is crucial that companies understand the importance of keeping their systems up-to-date and taking proactive measures to prevent cyber attacks. Vulnerability management must be an integral part of any organisation’s cyber security strategy, considering the ever-changing threat landscape.

    Finally, Fortinet has created a dedicated vulnerability page where users can find further details and useful resources. For more information, you can visit the FortiGuard website here.

    Redazione
    The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.