FortiManager Remote Code Execution Vulnerability (CVE-2024-47575)

A critical Remote Code Execution vulnerability (CVE-2024-47575) was recently identified in FortiManager and is actively being exploited in the wild. A missing authentication check for a critical function in the FortiManager fgfmd daemon may allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Fortinet has released fixed versions to remediate the vulnerability and urges customers to apply the fix IMMEDIATELY.

 

Vulnerability

  • Remote Code Execution Vulnerability (CVE-2024-47575)

 

Severity Level

  • Critical

 

Affected Products

  • FortiManager 7.6.0
  • FortiManager 7.4.0 through 7.4.4
  • FortiManager 7.2.0 through 7.2.7
  • FortiManager 7.0.0 through 7.0.12
  • FortiManager 6.4.0 through 6.4.14
  • FortiManager 6.2.0 through 6.2.12
  • FortiManager Cloud 7.4.1 through 7.4.4
  • FortiManager Cloud 7.2 (all versions)
  • FortiManager Cloud 7.0 (all versions)
  • FortiManager Cloud 6.4 (all versions)
  • Older FortiAnalyzer models 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E are also affected when the FortiManager-on-FortiAnalyzer feature is enabled:
         config system global
         set fmg-status enable
         end
    and at least one interface has the fgfm service enabled.
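To turn the version ranges above into a repeatable inventory check, here is an added example (not Fortinet's code and not part of the original advisory) that flags FortiManager and FortiManager Cloud versions falling inside the listed affected ranges. The inventory rows and hostnames are constructed samples; since the advisory does not list the fixed versions, "not affected" here only means "outside the listed ranges".

```python
"""Flag FortiManager versions inside the affected ranges of CVE-2024-47575."""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges as listed in the advisory: (product, lowest, highest).
# An upper bound of None means "all versions" of that release train.
AFFECTED: List[Tuple[str, Version, Optional[Version]]] = [
    ("FortiManager", (7, 6, 0), (7, 6, 0)),
    ("FortiManager", (7, 4, 0), (7, 4, 4)),
    ("FortiManager", (7, 2, 0), (7, 2, 7)),
    ("FortiManager", (7, 0, 0), (7, 0, 12)),
    ("FortiManager", (6, 4, 0), (6, 4, 14)),
    ("FortiManager", (6, 2, 0), (6, 2, 12)),
    ("FortiManager Cloud", (7, 4, 1), (7, 4, 4)),
    ("FortiManager Cloud", (7, 2), None),
    ("FortiManager Cloud", (7, 0), None),
    ("FortiManager Cloud", (6, 4), None),
]

# Constructed sample inventory (hostname, product, reported version).
INVENTORY = [
    ("fmg-prod-01", "FortiManager", "7.4.3"),
    ("fmg-lab-02", "FortiManager", "7.4.5"),
    ("fmg-cloud-eu", "FortiManager Cloud", "7.2.9"),
    ("fmg-old-03", "FortiManager", "6.2.13"),
]


def parse_version(text: str) -> Version:
    """'v7.0.12 build0123' -> (7, 0, 12); pads to three components."""
    core = text.strip().lstrip("vV").split(" ")[0].split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(product: str, version: str) -> bool:
    """True if the version lies inside one of the advisory's ranges."""
    v = parse_version(version)
    for prod, low, high in AFFECTED:
        if prod != product:
            continue
        if high is None:  # whole release train: match the major.minor prefix
            if v[: len(low)] == low:
                return True
        elif low <= v <= high:  # tuple comparison is lexicographic
            return True
    return False


def affected_hosts(inventory) -> List[str]:
    """Hostnames whose product/version pair is in an affected range."""
    return [host for host, prod, ver in inventory if is_affected(prod, ver)]
```

The FortiAnalyzer condition (fmg-status enabled plus an fgfm-enabled interface) is a configuration check rather than a version check and must be verified separately on those appliances.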

 

Remediation

  • Apply the latest patches to affected devices IMMEDIATELY.
  • Follow the workarounds (depending on the version you are running) in the PSIRT | FortiGuard Labs advisory, if applicable.


Published on: 31 Oct 2024