- Vulnerability/
- CVE-2024-47575
CVE-2024-47575: Missing authentication in fgfmsd
First published: Thu Oct 17 2024(Updated: )
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiManager | ||
| Fortinet FortiManager | >=6.2.0<6.2.13 | |
| Fortinet FortiManager | >=6.4.0<6.4.15 | |
| Fortinet FortiManager | >=7.0.0<7.0.13 | |
| Fortinet FortiManager | >=7.2.0<7.2.8 | |
| Fortinet FortiManager | >=7.4.0<7.4.5 | |
| Fortinet FortiManager | =7.6.0 | |
| Fortinet FortiManager Cloud | >=6.4.1<=6.4.7 | |
| Fortinet FortiManager Cloud | >=7.0.1<7.0.13 | |
| Fortinet FortiManager Cloud | >=7.2.1<7.2.8 | |
| Fortinet FortiManager Cloud | >=7.4.1<7.4.5 | |
| Fortinet FortiManager | =. | |
| Fortinet FortiManager | >=7.4.0<=7.4.4 | |
| Fortinet FortiManager | >=7.2.0<=7.2.7 | |
| Fortinet FortiManager | >=7.0.0<=7.0.12 | |
| Fortinet FortiManager | >=6.4.0<=6.4.14 | |
| Fortinet FortiManager | >=6.2.0<=6.2.12 | |
| Fortinet FortiManager Cloud | >=7.4.1<=7.4.4 | |
| Fortinet FortiManager Cloud | >=7.2.1<=7.2.7 | |
| Fortinet FortiManager Cloud | >=7.0.1<=7.0.12 | |
| Fortinet FortiManager Cloud | >=6.4 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Remedy
Please upgrade to FortiManager Cloud version 7.6.2 or above Please upgrade to FortiManager Cloud version 7.4.5 or above Please upgrade to FortiManager Cloud version 7.2.8 or above Please upgrade to FortiManager Cloud version 7.0.13 or above Please upgrade to FortiManager version 7.6.1 or above Please upgrade to FortiManager version 7.4.5 or above Please upgrade to FortiManager version 7.2.8 or above Please upgrade to FortiManager version 7.0.13 or above Please upgrade to FortiManager version 6.4.15 or above Please upgrade to FortiManager version 6.2.13 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/
- https://www.fortiguard.com/psirt/cvrf/FG-IR-24-423
- https://www.fortiguard.com/psirt/FG-IR-24-423
- https://fortiguard.fortinet.com/psirt/FG-IR-24-423
- https://nvd.nist.gov/vuln/detail/CVE-2024-47575
- https://www.theregister.com/2024/10/23/fortimanager_critical_vulnerability/
- https://www.bleepingcomputer.com/news/security/mandiant-says-new-fortinet-fortimanager-flaw-has-been-exploited-since-june/
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-47575
- alias/CVE-2022-42475
- alias/CVE-2023-27997
- alias/FG-IR-24-423
- agent/title
- agent/weakness
- agent/type
- agent/severity
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/author
- collector/the-register
- source/The Register
- alias/CVE-2024-23113
- agent/references
- collector/fortiguard-psirt-latest
- source/FortiGuard
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/fortiguard-psirt
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/description
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/nvd-cve
- agent/trending
- vendor/fortinet
- canonical/fortinet fortimanager
- version/fortinet fortimanager/.
- version/fortinet fortimanager/7.4.0
- version/fortinet fortimanager/7.4.4
- version/fortinet fortimanager/7.2.0
- version/fortinet fortimanager/7.2.7
- version/fortinet fortimanager/7.0.0
- version/fortinet fortimanager/7.0.12
- version/fortinet fortimanager/6.4.0
- version/fortinet fortimanager/6.4.14
- version/fortinet fortimanager/6.2.0
- version/fortinet fortimanager/6.2.12
- canonical/fortinet fortimanager cloud
- version/fortinet fortimanager cloud/7.4.1
- version/fortinet fortimanager cloud/7.4.4
- version/fortinet fortimanager cloud/7.2.1
- version/fortinet fortimanager cloud/7.2.7
- version/fortinet fortimanager cloud/7.0.1
- version/fortinet fortimanager cloud/7.0.12
- version/fortinet fortimanager cloud/6.4
- version/fortinet fortimanager/7.6.0
- version/fortinet fortimanager cloud/6.4.1
- version/fortinet fortimanager cloud/6.4.7