Fortinet has confirmed a critical-severity vulnerability in one of its products, and urged customers to apply the released patch immediately.
In a security advisory, the cybersecurity company said it uncovered a bug in FortiManager that would allow threat actors to remotely execute arbitrary code, or commands, via specially crafted requests.
The company added that the bug resides in FortiManager’s fgfmd daemon.
Critical vulnerability
The susceptible versions are:
Fortinet 6.2.0 - 6.2.12, 6.4.0 - 6.4.14, 7.0.0 - 7.0.12, 7.2.0 - 7.2.7, 7.4.0 - 7.4.4, and 7.6.0.
Furthermore, a few versions of FortiManager Cloud were also said to be vulnerable: all 6.4 versions, 7.0.1 - 7.0.12, 7.2.1 - 7.2.7, and 7.4.1 - 7.4.4.
FortiManager Cloud 7.6 is not affected.
The bug is deemed critical, with a severity score of 9.8. It is tracked as CVE-2024-47575, and a patch is already available. Fortinet also said there were three possible workarounds, depending on the versions of the software in use.
For FortiManager versions 7.0.12 or above, 7.2.5 or above, 7.4.3 or above (but not 7.6.0), users could prevent unknown devices from attempting to register by entering the commands “config system global”, “(global)# set fgfm-deny-unknown enable,” and “(global)# end”.
For users of FortiManager versions 7.2.0 and above, a workaround includes adding local-in policies to whitelist the IP addresses of FortiGates that are allowed to connect, while for 7.2.2 and above, 7.4.0 and above, and 7.6.0 and above, it is possible to use a custom certificate which will mitigate the issue.
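To check an inventory against the version ranges and workaround thresholds listed above, the following added example (not Fortinet's code and not part of the original article) triages on-premises FortiManager versions; FortiManager Cloud ranges are left out. It assumes each "or above" threshold applies within its own major.minor branch, and the hostnames and versions in the sample inventory are constructed.

```python
# Added example (not Fortinet code): triage on-premises FortiManager versions
# against the CVE-2024-47575 ranges and workaround thresholds quoted above.
AFFECTED = {  # (major, minor) -> highest affected patch level; every range starts at .0
    (6, 2): 12, (6, 4): 14, (7, 0): 12,
    (7, 2): 7, (7, 4): 4,  # upper bound of the 7.4 branch read as 7.4.4
    (7, 6): 0,
}
# Assumption: "X.Y.Z or above" thresholds are read per branch (same major.minor).
DENY_UNKNOWN_MIN = {(7, 0): 12, (7, 2): 5, (7, 4): 3}  # not offered on 7.6.0
CUSTOM_CERT_MIN = {(7, 2): 2, (7, 4): 0, (7, 6): 0}
LOCAL_IN_MIN = (7, 2, 0)

def parse_version(text):
    """Turn '7.4.3', 'v7.4.3' or '7.4.3-build2573' into (7, 4, 3)."""
    parts = text.strip().lstrip("vV").split("-")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def triage(version):
    """Return whether the version is in a listed range and which workarounds fit."""
    ver = parse_version(version)
    branch, patch = ver[:2], ver[2]
    listed = branch in AFFECTED and patch <= AFFECTED[branch]
    workarounds = []
    if listed:
        if patch >= DENY_UNKNOWN_MIN.get(branch, float("inf")):
            workarounds.append("fgfm-deny-unknown")
        if ver >= LOCAL_IN_MIN:
            workarounds.append("local-in-policy")
        if patch >= CUSTOM_CERT_MIN.get(branch, float("inf")):
            workarounds.append("custom-certificate")
    return {"listed_affected": listed, "workarounds": workarounds}

# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = {"fmg-dc1": "7.4.3", "fmg-lab": "6.4.14", "fmg-dr": "v7.2.8", "fmg-new": "7.6.0"}

def report(inventory):
    """Map each host to its triage result; unparseable versions are flagged, not dropped."""
    out = {}
    for host, version in inventory.items():
        try:
            out[host] = triage(version)
        except ValueError as exc:
            out[host] = {"listed_affected": None, "workarounds": [], "error": str(exc)}
    return out

if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(host, INVENTORY[host], result)
```

A result of `listed_affected: False` only means the version falls outside the ranges quoted in this article, so it should still be confirmed against the vendor advisory.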
The company claims the bug is already being exploited in the wild, and urges its customers to protect their premises.
“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials and configurations of the managed devices,” the advisory reads.
“At this stage, we have not received reports of any low-level system installations of malware or backdoors on these compromised FortiManager systems. To the best of our knowledge, there have been no indicators of modified databases, or connections and modifications to the managed devices.”