Security News > 2024 > October > Fortinet warns of new critical FortiManager flaw used in zero-day attacks
2024-10-23 15:05
Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]
News URL
Related news
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical GitHub Attack (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-47575 | Missing Authentication for Critical Function vulnerability in Fortinet Fortimanager and Fortimanager Cloud A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. | 9.8 |