Fortinet admits critical security flaw hitting FortiManager
The flaw is already being abused in the wild, so patch now
Fortinet has confirmed a critical-severity vulnerability in one of its products, and urged customers to apply the released fix immediately.
In a security advisory, the cybersecurity company said it uncovered a bug in FortiManager that would allow threat actors to remotely execute arbitrary code, or commands, via specially crafted requests.
The bug resides in FortiManager’s fgfmd daemon, it was added.
Critical vulnerability
The vulnerable versions are:
Fortinet 6.2.0 - 6.2.12, 6.4.0-6.4.14, 7.0.0 - 7.0.12, 7.2.0 -7.2.7, 7.4.0 - 7.44, and 7.6.0.
Furthermore, a few versions of FortiManager Cloud were also said to be vulnerable: All 6.4 versions, 7.0.1 - 7.0.12, 7.2.1 - 7.2.7, and 7.4.1 - 7.4.4.
FortiManager Cloud 7.6 is not affected.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The bug is deemed critical, with a severity score of 9.8. It is tracked as CVE-2024-47575, and a fix is already available. Fortinet also said there were three possible workarounds, depending on the versions of the software in use.
Therefore, for FortiManager versions 7.0.12 or above, 7.2.5 or above, 7.4.3 or above (but not 7.6.0), users could prevent unknown devices from attempting to register “config system global”, “(global)# set fgfm-deny-unknown enable,” or “(global)# end”.
Users of FortiManager versions 7.2.0 and above, a workaround includes adding local-in policies to whitelist the IP addresses of FortiGates that are allowed to connect, while for 7.2.2 and above, 7.4.0 and above, 7.6.0 and above, it is possible to use a custom certificate which will mitigate the issue.
The company claims the bug is already being exploited in the wild, and urges its customers to protect their premises.
“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials and configurations of the managed devices,” the advisory reads.
“At this stage, we have not received reports of any low-level system installations of malware or backdoors on these compromised FortiManager systems. To the best of our knowledge, there have been no indicators of modified databases, or connections and modifications to the managed devices.”
More from TechRadar Pro
- Thousands of Fortinet firewalls are unpatched against this serious security bug, so patch now
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.