
Network Security Alert: Potential Vulnerability in FortiManager Network Management System

Unauthorized Execution Risk Due to Missing Authentication in Fortinet's FortiManager Network Software


On October 23, 2024, cybersecurity company Fortinet released an advisory for a critical zero-day vulnerability, CVE-2024-47575, affecting several versions of its FortiManager network management software. The vulnerability is classified as CWE-306 (missing authentication for a critical function): a remote, unauthenticated attacker can execute arbitrary code or commands by sending specially crafted requests.

The vulnerability has been exploited in the wild, according to multiple reports. The flaw has been discussed online since mid-October, but no specific Australian organisations have been publicly identified as running FortiManager devices affected by CVE-2024-47575.

The Fortinet advisory includes indicators of compromise, workarounds, and recovery methods. The Australian Cyber Security Centre has issued a warning for Australian organisations to review their networks for vulnerable instances of FortiManager devices.

At this stage, no low-level system installations of malware or backdoors have been reported on compromised FortiManager systems, and no indicators of modified databases, or of connections to or modifications of managed devices, have been observed. However, execution of arbitrary code or commands on compromised FortiManager systems has been noted.

This is not the first time Fortinet has faced zero-day vulnerabilities. Since 2002, at least eight documented Fortinet zero-days have been added to CISA's KEV (Known Exploited Vulnerabilities) catalog, including flaws in the FortiOS SSL-VPN, FortiOS itself, and the FortiOS sslvpnd daemon.

Fortinet had warned customers about the vulnerability last week. The CVSS v3 score of 9.8 places the flaw in the critical range, emphasising the need for immediate attention and action. Organisations using FortiManager network management software are advised to apply the necessary patches and updates as soon as possible.
