Ethical Hacking News
Fortinet has issued a critical security warning regarding a vulnerability in its FortiManager software that is currently under active exploitation. The company's advisory highlights a significant flaw that could allow remote attackers to execute arbitrary code or commands via specially crafted requests.
A vulnerability in FortiManager software is currently under active exploitation. The vulnerability (CVE-2024-47575) allows remote unauthenticated attackers to execute arbitrary code via specially crafted requests. The flaw is attributed to a missing authentication mechanism for critical functions, enabling unauthorized access. At least 50 FortiManager devices are potentially compromised, with evidence of exploitation dating back to June 27, 2024. A new threat cluster (UNC5820) has been identified as the attacker behind the mass exploitation. Fortinet provides workarounds and a commitment to responsible disclosure for customers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the defect to its KEV catalog, requiring federal agencies to apply fixes by November 13, 2024.
Fortinet has issued a critical security warning regarding a vulnerability in its FortiManager software that is currently under active exploitation. The company's advisory, dated October 24, 2024, highlights a significant flaw in the FortiGate to FortiManager (FGFM) protocol, which could allow remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests.
The vulnerability, tracked as CVE-2024-47575 and rated at a CVSS score of 9.8, is attributed to a missing authentication mechanism for critical functions in the FortiManager fgfmd daemon. This flaw enables an attacker to bypass authentication and gain unauthorized access to FortiManager systems, potentially leading to further exploitation and compromise.
According to Fortinet, this vulnerability affects various FortiManager versions, including 7.x, 6.x, FortiManager Cloud 7.x, and 6.x, as well as certain older FortiAnalyzer models with interface configurations that enable the fgfm service. The company has also identified at least 50 potentially compromised FortiManager devices across different industries, with evidence of exploitation dating back to June 27, 2024.
Researchers from Mandiant have attributed the mass exploitation of FortiManager appliances using this vulnerability to a new threat cluster, dubbed UNC5820. This threat actor has been exfiltrating configuration data from exploited FortiManager systems, which could be used to further compromise these devices and move laterally within enterprise environments.
In their advisory, Fortinet provides three workarounds for the vulnerability, tailored to different versions of FortiManager installed. These workarounds focus on preventing unknown devices from registering, adding local-in policies to allow-list IP addresses of FortiGates connected to the system, and using a custom certificate.
Fortinet has also emphasized its commitment to responsible disclosure and communication with customers. The company shared critical information and resources with affected customers prior to the public release of this advisory, aligning with its processes and best practices for responsible disclosure.
To address this vulnerability, Fortinet urges customers to follow the provided guidance, implement workarounds, and continue tracking their advisory page for updates on patch releases. Furthermore, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the defect to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply fixes by November 13, 2024.
In light of this critical vulnerability, organizations that rely on FortiManager for network security must take immediate action to strengthen their defenses. This includes applying available patches, implementing additional security controls, and monitoring for signs of exploitation or compromise.
The successful exploitation of FortiManager vulnerabilities highlights the ongoing threat landscape in cybersecurity. As threats evolve and exploit previously unknown vulnerabilities, organizations must remain vigilant and proactive in addressing emerging risks. With this critical warning, Fortinet has provided a timely reminder of the importance of continuous security monitoring and patch management.
Related Information:
https://thehackernews.com/2024/10/fortinet-warns-of-critical.html
https://nvd.nist.gov/vuln/detail/CVE-2024-47575
https://www.cvedetails.com/cve/CVE-2024-47575/
Published: Thu Oct 24 07:43:24 2024 by llama3.2 3B Q4_K_M
