Thursday, October 24, 2024

CISA Adds FortiManager Vulnerability to KEV Catalog – 10-23-24

Yesterday, CISA announced that it had added a missing-authentication vulnerability (CVE-2024-47575) in the Fortinet FortiManager product to its Known Exploited Vulnerabilities (KEV) catalog. CISA requires federal agencies using this product to “apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable” by November 13th, 2024. CISA describes the vulnerability:

“Fortinet FortiManager Missing Authentication Vulnerability: Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.”

FortiGuard published its advisory for this vulnerability yesterday. The advisory lists the affected products and fixed versions for most of them. It also notes that certain older versions of FortiAnalyzer with specific features enabled are vulnerable as well, and it provides indicators of compromise. The advisory also reports that:

“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials [emphasis added] and configurations of the managed devices.”
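A KEV addition like this one is easiest to act on when the entry is matched against an asset inventory and the remediation deadline is computed automatically. The following is an added example, not code from the original post, CISA, or Fortinet. The single record is constructed from the facts stated above (CVE, vendor, product, date added, due date, required action); the field names follow the schema of CISA's public `known_exploited_vulnerabilities.json` feed as I understand it, which is an assumption, and the inventory hostnames are invented.

```python
"""Triage a CISA KEV entry against a local asset inventory (added example).

Assumptions: the JSON below mimics the schema of CISA's public KEV feed
(cveID, vendorProject, product, vulnerabilityName, dateAdded,
shortDescription, requiredAction, dueDate). The record's values come from
the post; the inventory is constructed sample data.
"""
import json
from datetime import date

# Constructed KEV-style record for the entry discussed in the post.
KEV_JSON = """
{
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-47575",
      "vendorProject": "Fortinet",
      "product": "FortiManager",
      "vulnerabilityName": "Fortinet FortiManager Missing Authentication Vulnerability",
      "dateAdded": "2024-10-23",
      "shortDescription": "Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2024-11-13"
    }
  ]
}
"""

# Constructed asset inventory: hostname -> (vendor, product).
INVENTORY = {
    "fmg-01.example.test": ("Fortinet", "FortiManager"),
    "faz-01.example.test": ("Fortinet", "FortiAnalyzer"),
    "fw-edge.example.test": ("Fortinet", "FortiGate"),
}


def load_kev(text):
    """Parse the KEV feed text and return the list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def days_until_due(entry, today):
    """Days remaining until CISA's required-action due date (negative if overdue)."""
    return (date.fromisoformat(entry["dueDate"]) - today).days


def match_inventory(entries, inventory):
    """Return {cveID: [hostnames]} for assets whose vendor and product match a
    KEV entry. Matching is a case-insensitive exact match on both fields, so
    related products named only in the vendor advisory (here, certain
    FortiAnalyzer versions) are NOT caught by this step alone."""
    hits = {}
    for entry in entries:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        hosts = [h for h, (v, p) in inventory.items() if (v.lower(), p.lower()) == key]
        if hosts:
            hits[entry["cveID"]] = sorted(hosts)
    return hits


def triage(kev_text, inventory, today):
    """Build a remediation report: one row per KEV entry with matching assets."""
    report = []
    for entry in load_kev(kev_text):
        hosts = match_inventory([entry], inventory).get(entry["cveID"], [])
        if not hosts:
            continue
        remaining = days_until_due(entry, today)
        report.append({
            "cve": entry["cveID"],
            "name": entry["vulnerabilityName"],
            "hosts": hosts,
            "due": entry["dueDate"],
            "days_remaining": remaining,
            "status": "OVERDUE" if remaining < 0 else "OPEN",
            "required_action": entry["requiredAction"],
        })
    return report


if __name__ == "__main__":
    # Run as of the post's publication date.
    for row in triage(KEV_JSON, INVENTORY, date(2024, 10, 24)):
        print(f"{row['cve']} [{row['status']}] due {row['due']} "
              f"({row['days_remaining']} days) on {', '.join(row['hosts'])}")
        print(f"  action: {row['required_action']}")
```

The exact vendor/product match is deliberately strict: it surfaces the FortiManager host but stays silent on the FortiAnalyzer host, even though the FortiGuard advisory says some FortiAnalyzer versions are affected. In practice the KEV match is the starting point and the vendor advisory's affected-version list decides the rest.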
