The Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet’s FortiManager to its KEV catalog due to CVE-2024-47575, a critical vulnerability (CVSS 9.8) that allows remote, unauthenticated attackers to execute arbitrary commands or code. Recovery methods and mitigations include upgrading to fixed FortiManager versions, applying workarounds, implementing patch management, and network segmentation. #FortiManager #CISA #CVE-2024-47575 #Fortinet #FortiManagerCloud #FortiGate
Key points
- CISA added FortiManager to the KEV catalog due to CVE-2024-47575.
- The vulnerability has a CVSS score of 9.8 and affects multiple FortiManager versions.
- Remote, unauthenticated attackers can execute arbitrary commands or code.
- Recovery methods include database rebuilding/resynchronization and the Quick Recovery Option.
- Organizations should upgrade to fixed FortiManager versions and apply workarounds (e.g., denying unregistered devices, allowing only known FortiGate IP addresses to reach port 541, and requiring custom certificates).
- Mitigations emphasize patch management, network segmentation, and having an incident response plan.
- Failure to address the vulnerability can lead to data breaches and system compromises.
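As an added illustration (not taken from the Cyble article or from Fortinet's own documentation), the workarounds listed above expressed as FortiManager CLI fragments: the command names follow the syntax Fortinet published for this advisory, the address 203.0.113.0/24 and the CA certificate name are constructed placeholders, and it is assumed that each option is only accepted on certain FortiManager releases, so confirm against the vendor advisory before applying any of them.

```text
# Workaround 1: refuse FGFM connections from devices that are not already registered
config system global
    set fgfm-deny-unknown enable
end

# Workaround 2: let only known FortiGate addresses reach the FGFM port (TCP 541)
# and drop everything else; 203.0.113.0/24 is a constructed placeholder for the
# addresses your FortiGates connect from
config system local-in-policy
    edit 1
        set action accept
        set dport 541
        set src 203.0.113.0/24
    next
    edit 2
        set action deny
        set dport 541
    next
end

# Workaround 3: require FortiGates to present a certificate issued by a custom CA
# and reject any device using a different certificate;
# <custom-CA-certificate-name> is a placeholder for the CA you imported
config system global
    set fgfm-ca-cert <custom-CA-certificate-name>
    set fgfm-cert-exclusive enable
end
```

Workarounds 1 and 2 leave registered devices working but block newly unregistered ones, so onboarding of new FortiGates must be done deliberately while they are in place.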
MITRE Techniques
- [T1078] Initial Access – Use of valid accounts to gain access to systems.
- [T1203] Execution – Exploitation of software vulnerabilities to execute arbitrary code.
- [T1136] Persistence – Use of legitimate credentials to maintain access.
- [T1068] Privilege Escalation – Exploitation of vulnerabilities to gain higher privileges.
- [T1211] Defense Evasion – Obfuscation of malicious activities to avoid detection.
- [T1499] Impact – Execution of arbitrary commands leading to data loss or system compromise.
Indicators of Compromise
- None – the article provides no specific IPs, hashes, domains, or file names.
Read more: https://cyble.com/blog/cisa-flags-critical-vulnerability-cve-2024-47575-in-fortinets-fortimanager/