Security News > 2024 > October > Fortinet warns of new critical FortiManager flaw used in zero-day attacks
2024-10-23 15:05
Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. [...]
News URL
Related news
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-47575 | Missing Authentication for Critical Function vulnerability in Fortinet Fortimanager and Fortimanager Cloud A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. | 9.8 |