Network Security Alert: Potential Vulnerability in FortiManager Network Management System

In a recent development, cybersecurity company Fortinet has announced the discovery of a critical zero-day vulnerability, identified as CVE-2024-47575, impacting several versions of its FortiManager network management software. The vulnerability, classified as CWE-306, is a missing authentication for a critical function in the FortiManager fgfmd daemon. It allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability has a CVSS v3 score of 9.8, indicating its high severity.

Discussions about this flaw have been ongoing since mid-October. Last week, Fortinet reportedly warned its customers about the vulnerability. However, reports indicate that the vulnerability has already been exploited in the wild. At the time of the advisory, there had been no reports of low-level system installations of malware or backdoors on compromised FortiManager systems.

The Australian Cyber Security Centre (ACSC) has issued a warning urging Australian organisations to review their networks for vulnerable instances of FortiManager devices. No indicators of modified databases, or of connections and modifications to managed devices, have been reported. The Fortinet advisory includes indicators of compromise, workarounds, and recovery methods for CVE-2024-47575.

It is important to note that this is not the first time Fortinet has faced zero-day vulnerabilities. At least eight documented Fortinet zero-days have been added to CISA's KEV (Known Exploited Vulnerabilities) catalog since 2002. The documented zero-days include flaws in the FortiOS SSL-VPN, FortiOS, and FortiOS sslvpnd.

Organisations using FortiManager network management software are advised to follow Fortinet's advisory and take immediate action to secure their systems against this critical vulnerability. Regular updates and vigilant network monitoring are crucial in maintaining cybersecurity.
