Cybersecurity company Fortinet has confirmed reports that a critical security vulnerability in its FortiManager devices is being actively exploited in the wild.
The critical vulnerability, tracked as CVE-2024-47575 (CVSS score: 9.8) and dubbed FortiJump, originates in the FortiGate to FortiManager (FGFM) protocol in FortiManager and FortiManager Cloud.
“A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon, which may allow a remote unauthenticated attacker to execute arbitrary commands or codes via specially crafted requests,” the company explained in a security advisory published on Wednesday for its FortiManager platform.
“Reports have shown this vulnerability to be exploited in the wild,” the company noted.
The following FortiManager and cloud-based FortiManager Cloud versions are affected by the vulnerability:
- FortiManager 7.6 (versions prior to 7.6.1)
- FortiManager 7.4 (versions 7.4.0 through 7.4.4)
- FortiManager 7.2 (versions 7.2.0 through 7.2.7)
- FortiManager 7.0 (versions 7.0.0 through 7.0.12)
- FortiManager 6.4 (versions 6.4.0 through 6.4.14)
- FortiManager 6.2 (versions 6.2.0 through 6.2.12)
- FortiManager Cloud 7.4 (versions 7.4.1 through 7.4.4)
- FortiManager Cloud 7.2 (versions 7.2.1 through 7.2.7)
- FortiManager Cloud 7.0 (versions 7.0.1 through 7.0.12)
- FortiManager Cloud 6.4 (all 6.4 versions)
Besides the above versions, the vulnerability also affects older FortiAnalyzer models 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E that have at least one interface with the fgfm service enabled and the FortiManager-on-FortiAnalyzer feature enabled.
Given the high severity of the vulnerability, Fortinet has recommended that impacted users take immediate action and upgrade to the fixed versions outlined in the advisory.
Alternatively, users can use any one of the following workarounds to mitigate the flaw depending on the current version of FortiManager installed:
- For FortiManager versions 7.0.12 and above, 7.2.5 and above, and 7.4.3 and above (but not 7.6.0), prevent unknown devices from attempting to register.
- For FortiManager versions 7.2.0 and above, you may add local-in policies to whitelist the IP addresses of FortiGates that are allowed to connect.
- Use a custom certificate to mitigate the issue for FortiManager versions 7.2.2 and above, 7.4.0 and above, and 7.6.0 and above.
So far, only fixed FortiManager versions 7.2.8 and 7.4.5 have been released; the remaining fixed versions are expected in the coming days.
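Deciding which of the options above applies to a given appliance is a version-triage problem, so the following added example (not Fortinet's tooling and not from the advisory) transcribes the affected ranges, the two released fixes and the per-version workaround availability from this article into a small Python checker. It assumes inventory version strings are plain `major.minor.patch`; the FortiAnalyzer models, which depend on a feature setting rather than a version range, are deliberately out of scope.

```python
"""Triage helper for CVE-2024-47575 (FortiJump): is a given FortiManager
or FortiManager Cloud build in the affected ranges, which fixed build is
already available, and which of the advisory workarounds the build supports.
The data tables are transcribed from the article; the code is an added
example, not a Fortinet tool. Versions are assumed to be "major.minor.patch".
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
Branch = Tuple[int, int]

# Affected ranges per branch: (first affected, last affected); None = no upper bound.
AFFECTED: Dict[str, Dict[Branch, Tuple[Version, Optional[Version]]]] = {
    "FortiManager": {
        (7, 6): ((7, 6, 0), (7, 6, 0)),    # "versions prior to 7.6.1"
        (7, 4): ((7, 4, 0), (7, 4, 4)),
        (7, 2): ((7, 2, 0), (7, 2, 7)),
        (7, 0): ((7, 0, 0), (7, 0, 12)),
        (6, 4): ((6, 4, 0), (6, 4, 14)),
        (6, 2): ((6, 2, 0), (6, 2, 12)),
    },
    "FortiManager Cloud": {
        (7, 4): ((7, 4, 1), (7, 4, 4)),
        (7, 2): ((7, 2, 1), (7, 2, 7)),
        (7, 0): ((7, 0, 1), (7, 0, 12)),
        (6, 4): ((6, 4, 0), None),         # "all 6.4 versions"
    },
}

# Fixed builds the article says are already released (FortiManager only).
RELEASED_FIXES: Dict[Branch, Version] = {(7, 2): (7, 2, 8), (7, 4): (7, 4, 5)}

# Workarounds: minimum patch level per branch at which the workaround exists.
# Branches not listed do not support that workaround (no 7.6 entry for
# deny-unknown because the article excludes 7.6.0, and 7.6.1 is not affected).
WORKAROUNDS: Dict[str, Dict[Branch, int]] = {
    "deny unknown device registration": {(7, 0): 12, (7, 2): 5, (7, 4): 3},
    "local-in policy allow-list": {(7, 2): 0, (7, 4): 0, (7, 6): 0},
    "custom certificate": {(7, 2): 2, (7, 4): 0, (7, 6): 0},
}


def parse_version(text: str) -> Version:
    """'7.4.3' -> (7, 4, 3); raises ValueError on anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.patch, got {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_affected(product: str, version: Version) -> bool:
    """True when the build falls inside an affected range for that product."""
    rng = AFFECTED.get(product, {}).get(version[:2])
    if rng is None:
        return False
    low, high = rng
    return low <= version and (high is None or version <= high)


def available_workarounds(version: Version) -> List[str]:
    """Advisory workarounds the build can apply, in the article's order."""
    branch, patch = version[:2], version[2]
    return [name for name, table in WORKAROUNDS.items()
            if branch in table and patch >= table[branch]]


def triage(product: str, text: str) -> dict:
    """Combine the checks into one record a patch-management ticket could carry."""
    version = parse_version(text)
    affected = is_affected(product, version)
    fix = RELEASED_FIXES.get(version[:2]) if product == "FortiManager" else None
    return {
        "product": product,
        "version": text,
        "affected": affected,
        "released_fix": ".".join(map(str, fix)) if (affected and fix) else None,
        "workarounds": available_workarounds(version) if affected else [],
    }


if __name__ == "__main__":
    # Constructed inventory entries, not real devices.
    for product, ver in [("FortiManager", "7.4.3"), ("FortiManager", "7.2.8"),
                         ("FortiManager Cloud", "6.4.7"), ("FortiManager", "7.6.0")]:
        print(triage(product, ver))
```

Two design points worth noting: workaround availability is keyed per release branch rather than by a flat version comparison, because "7.2.5 or above" in the advisory sense means 7.2.5 within the 7.2 line, not any numerically larger build such as 7.4.0 (which has its own threshold); and an affected 6.x build returns an empty workaround list, which matches the article, where none of the three workarounds is offered below 7.0.12.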
The company has additionally shared a set of possible indicators of compromise (IoCs), such as log entries, specific IP addresses, serial numbers, and files (which may not appear in all cases) associated with malicious activity.
According to a report, the company began privately alerting FortiManager customers about the FortiManager vulnerability on October 13, 2024.
“After identifying this vulnerability (CVE-2024-47575), Fortinet promptly communicated critical information and resources to customers. This is in line with our processes and best practices for responsible disclosure to enable customers to strengthen their security posture prior to an advisory being publicly released to a broader audience, including threat actors,” the company said in the statement issued.
“We also have published a corresponding public advisory (FG-IR-24-423) reiterating mitigation guidance, including a workaround and patch updates. We urge customers to follow the guidance provided to implement the workarounds and fixes and to continue tracking our advisory page for updates. We continue to coordinate with the appropriate international government agencies and industry threat organizations as part of our ongoing response.”