24 Oct / 2024
Industry News
FortiManager API Vulnerability
CVE: CVE-2024-47575
CVSS: 9.8/10
What is Vulnerable:
Multiple versions of FortiManager are affected by this newly discovered zero-day vulnerability.
Affected Versions:
• FortiManager 7.6
• FortiManager 7.4
• FortiManager 7.2
• FortiManager 7.0
• FortiManager 6.4
• FortiManager 6.2
• FortiManager Cloud 7.6
• FortiManager Cloud 7.4
• FortiManager Cloud 7.2
• FortiManager Cloud 7.0
• FortiManager Cloud 6.4
What is Happening
Fortinet has disclosed a critical vulnerability in the FortiManager API, identified as CVE-2024-47575.
This vulnerability is currently being exploited in the wild to steal sensitive data, including configuration files, IP addresses, and managed device credentials.
Details are available here: fortiguard.com
Key Facts
- Fortinet has advised that this vulnerability is being actively exploited in the wild.
- "A missing authentication for a critical function vulnerability [CWE-306] in the FortiManager fgfmd daemon may allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests."
What You Can Do
Fortinet has released patches to address this vulnerability. For more information on upgrading, please refer to Fortinet’s upgrade advisory table here.
Cythera strongly recommends patching your FortiManager instances on an emergency basis.