

Ethical Hacking News

Critical FortiManager Zero-Day Vulnerability Exposed: What You Need to Know



Fortinet has publicly disclosed a critical zero-day vulnerability in their FortiManager product, tracked as CVE-2024-47575. The vulnerability allows attackers to execute arbitrary code or commands on managed devices and gain further access to corporate networks. This article provides an in-depth look at the vulnerability, its impact, and steps to address it.

  • Fortinet has disclosed a critical zero-day vulnerability in their FortiManager product, CVE-2024-47575.
  • The vulnerability allows attackers to steal sensitive files and execute arbitrary code on managed devices.
  • The flaw was first identified by cybersecurity researcher Kevin Beaumont and dubbed "FortiJump."
  • Fortinet customers were initially notified about the flaw, but some did not receive notifications, causing frustration.
  • Fortinet has released security updates that fix the vulnerability across every supported FortiManager branch, from 7.6.1 down to 6.2.13.



Fortinet, a leading provider of network security solutions, has publicly disclosed a critical zero-day vulnerability in their FortiManager product. The vulnerability, tracked as CVE-2024-47575 and classified under CWE-306, was exploited in attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.

The vulnerability was first identified by cybersecurity researcher Kevin Beaumont on Mastodon, who dubbed it "FortiJump." Fortinet customers were initially notified about the flaw through advance notification emails starting October 13th. However, some customers did not receive these notifications, leading to frustration and confusion.

According to sources familiar with the attacks, threat actors first extracted a valid certificate from owned or compromised Fortinet devices, including FortiManager VMs. This certificate is used to set up an SSL tunnel between a FortiGate and the FortiManager server and to authenticate both devices. The vulnerability lies in an additional level of authorization that should be required before commands can be executed via the FortiManager FGFM API; the CVE-2024-47575 flaw allows that check to be bypassed.

The impact of this vulnerability is significant, as it allows attackers to execute arbitrary code or commands on managed devices and gain further access to corporate networks. Furthermore, the vulnerability affects multiple versions of FortiManager, including 7.6.0, 7.4.0 - 7.4.4, 7.2.0 - 7.2.7, 7.0.0 - 7.0.12, 6.4.0 - 6.4.14, and 6.2.0 - 6.2.12.

Fortunately, Fortinet has released security updates in FortiManager 7.6.1, 7.4.5, 7.2.8, 7.0.13, 6.4.15, and 6.2.13 (or later on each branch) to fix the vulnerability. Additionally, Fortinet has indicated that the flaw also impacts FortiManager Cloud (FMG Cloud), although this information was not shared in the initial advisory.
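The affected and fixed version lists above are what a defender actually needs from this article, so here is an added example (not Fortinet's tooling, and not code from the original post) that turns them into an inventory check: it parses FortiManager version strings, decides per branch whether a build falls in an affected range, and names the release to upgrade to. The ranges are copied from the article; the hostnames, the version-string format ("major.minor.patch"), and the sample inventory are constructed assumptions. FortiManager Cloud is listed as affected too, but since its version is not something customers control the check only covers self-managed appliances and VMs.

```python
"""Triage self-managed FortiManager builds against CVE-2024-47575 (FortiJump).

Added example, not Fortinet's own tooling. Affected ranges and fixed releases
are taken from the advisory summary in the article; the version-string format
and the sample inventory below are assumptions made for the demonstration.
"""
from __future__ import annotations

import re
from typing import NamedTuple, Optional

# Per branch: (first affected build, last affected build, first fixed build),
# inclusive, exactly as the article lists them.
FIXED_RELEASES: dict[str, tuple[str, str, str]] = {
    "7.6": ("7.6.0", "7.6.0", "7.6.1"),
    "7.4": ("7.4.0", "7.4.4", "7.4.5"),
    "7.2": ("7.2.0", "7.2.7", "7.2.8"),
    "7.0": ("7.0.0", "7.0.12", "7.0.13"),
    "6.4": ("6.4.0", "6.4.14", "6.4.15"),
    "6.2": ("6.2.0", "6.2.12", "6.2.13"),
}

# Assumed inventory format: "7.4.3" with an optional leading "v".
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into a tuple so builds compare numerically
    (7.0.12 > 7.0.9, which a plain string comparison would get wrong)."""
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised FortiManager version string: {text!r}")
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


class Verdict(NamedTuple):
    version: str
    affected: bool
    fixed_in: Optional[str]   # None when the branch is not in the advisory list
    note: str


def assess(version_text: str) -> Verdict:
    """Decide whether one FortiManager build is in an affected range."""
    v = parse_version(version_text)
    label = f"{v[0]}.{v[1]}.{v[2]}"
    entry = FIXED_RELEASES.get(f"{v[0]}.{v[1]}")
    if entry is None:
        # Branches the article does not mention (e.g. end-of-life ones) cannot
        # be cleared by this check; they need a look at the vendor advisory.
        return Verdict(label, False, None,
                       "branch not listed in the advisory; verify with Fortinet PSIRT")
    low, high = parse_version(entry[0]), parse_version(entry[1])
    fixed = entry[2]
    if low <= v <= high:
        return Verdict(label, True, fixed, f"affected; upgrade to {fixed} or later")
    # Every listed range starts at x.y.0 and ends one build before the fix,
    # so anything else on a listed branch is at or above the fixed release.
    return Verdict(label, False, fixed, "at or above the fixed release for this branch")


def triage(inventory: dict[str, str]) -> dict[str, Verdict]:
    """Return only the hosts that still need patching, keyed by hostname."""
    needs_patch: dict[str, Verdict] = {}
    for host, version in inventory.items():
        verdict = assess(version)
        if verdict.affected:
            needs_patch[host] = verdict
    return needs_patch


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY: dict[str, str] = {
    "fmg-hq-01": "7.4.3",      # inside 7.4.0 - 7.4.4
    "fmg-dc-02": "7.2.8",      # already on the fixed release
    "fmg-lab-03": "6.2.12",    # last affected build on 6.2
    "fmg-cloud-04": "v7.6.0",  # the single affected 7.6 build
    "fmg-legacy-05": "6.0.9",  # branch not covered by the advisory
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict.version} -> {verdict.note}")
```

Running the block prints the three hosts on affected builds with the release each should move to; `fmg-legacy-05` is deliberately not reported as affected, but its `fixed_in` of `None` marks it as unverified rather than safe, which is the distinction an inventory report should preserve.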

In a statement regarding the vulnerability, Fortinet emphasized their commitment to responsible disclosure and transparency. "After identifying this vulnerability, Fortinet promptly communicated critical information and resources to customers," they said. "We also have published a corresponding public advisory reiterating mitigation guidance, including a workaround and patch updates."

However, some FortiManager customers have expressed frustration with the initial notification process, citing that not all of them received advance notice about the vulnerability until leaked information began circulating online. In response, Fortinet advised customers to check their "Master" account for notifications or contact their reseller to confirm they have the correct contact information.

This critical zero-day vulnerability highlights the importance of staying informed about newly discovered security threats and taking prompt action to address them. As cybersecurity researcher Kevin Beaumont noted, exploiting this flaw is not difficult, as it requires registering a FortiGate device with an exposed FortiManager server using a valid certificate.

In conclusion, the exposure of this critical zero-day vulnerability in FortiManager underscores the need for organizations to prioritize their security posture and stay vigilant about newly discovered threats. By understanding the details of this vulnerability and taking the necessary steps to address it, individuals and organizations can reduce their risk exposure and remain protected against emerging threats.



Related Information:

  • https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/

  • https://arstechnica.com/security/2024/10/fortinet-stays-mum-on-critical-0-day-reportedly-under-active-exploitation/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-47575

  • https://www.cvedetails.com/cve/CVE-2024-47575/


Published: Wed Oct 23 10:28:57 2024 by llama3.2 3B Q4_K_M

© Ethical Hacking News. All rights reserved.