Skip to main content

Fortinet FortiManager Remote Code Execution Vulnerability

Release Date: 24 Oct 2024 4413 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability was identified in Fortinet FortiManager. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

Exploit in the wild has been detected for CVE-2024-47575, a missing authentication for critical function vulnerability in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.


Impact

  • Remote Code Execution

System / Technologies affected

  • FortiManager 7.6 version 7.6.0
  • FortiManager 7.4 versions 7.4.0 through 7.4.4
  • FortiManager 7.2 versions 7.2.0 through 7.2.7
  • FortiManager 7.0 versions 7.0.0 through 7.0.12
  • FortiManager 6.4 versions 6.4.0 through 6.4.14
  • FortiManager 6.2 versions 6.2.0 through 6.2.12
  • FortiManager Cloud 7.4 versions 7.4.1 through 7.4.4
  • FortiManager Cloud 7.2 versions 7.2.1 through 7.2.7
  • FortiManager Cloud 7.0 versions 7.0.1 through 7.0.12
  • FortiManager Cloud 6.4 all versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link