By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities disclosed outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation.
VULNERABILITIES
FortiManager Missing Authentication Vulnerability
CVSS Score: 9.8 (Critical)
Identifier: CVE-2024-47575
Exploit or POC: Yes. Active exploitation in the wild has been reported. Reference: Fortinet Security Advisory FG-IR-24-423 for CVE-2024-47575: https://www.fortiguard.com/psirt/FG-IR-24-423
Description: CVE-2024-47575, also known as the "FortiJump" vulnerability, is a critical missing-authentication flaw in FortiManager. The FGFM daemon (fgfmd, which implements the FortiGate-to-FortiManager protocol) fails to authenticate a critical function, so an unauthenticated remote attacker who can reach the FGFM service can execute arbitrary code or commands through specially crafted requests. The issue affects multiple FortiManager versions, FortiManager Cloud, and certain FortiAnalyzer models on which the FGFM service has been enabled.
Mitigation Recommendation: Upgrading to a fixed release is the only complete remediation; update to the versions listed in the Fortinet Security Advisory as soon as possible. Where patching must be delayed, apply Fortinet's published workarounds: restrict network access to the FGFM service (TCP/541) so that only managed FortiGates can reach it, use local-in policies to allow-list the IP addresses of those FortiGates and deny everything else, and, on releases that support it, enable the fgfm-deny-unknown setting so that unknown devices cannot attempt to register. Because exploitation has been observed, treat any FortiManager whose FGFM service was reachable from untrusted networks as potentially compromised and review it for unexpected device registrations before trusting it again.
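The following FortiManager CLI fragment is an added illustration of the interim workarounds described above; it is not taken from this bulletin or from Fortinet's advisory verbatim, and the interface name and FortiGate address are placeholders. The first block shows the exposed state (no local-in restriction, unknown devices allowed to register); the second enables fgfm-deny-unknown and allow-lists a single managed FortiGate while denying all other sources on TCP/541. Which of these options is available depends on the FortiManager release, so confirm the minimum version for each in the advisory before relying on it.

```text
# --- Exposed state (what an unpatched FortiManager typically looks like) ---
# No local-in policy restricts TCP/541, so any host that can route to the
# appliance can open an FGFM session, and unknown devices may register.
config system global
    set fgfm-deny-unknown disable
end

# --- Hardened interim configuration (workaround, not a substitute for patching) ---
# 1. Refuse registration attempts from devices FortiManager does not already know.
config system global
    set fgfm-deny-unknown enable
end

# 2. Allow FGFM (TCP/541) only from the managed FortiGate(s) and deny every other source.
#    "port1" and 192.0.2.10 are placeholder values; use the real management
#    interface and the real FortiGate IP addresses.
config system local-in-policy
    edit 1
        set action accept
        set dport 541
        set intf "port1"
        set src 192.0.2.10/32
    next
    edit 2
        set action deny
        set dport 541
        set intf "port1"
    next
end
```

Policy order matters: the accept rule for known FortiGates must precede the catch-all deny, and the deny must cover every interface on which FGFM is reachable, not only the primary management port. After applying the change, verify from an unlisted host that TCP/541 is no longer reachable, and verify from a managed FortiGate that its FGFM tunnel still comes up.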