Security News > 2024 > October > Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
2024-10-24 09:04

Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a critical function in FortiManager’s fgfmd daemon. Remote, unauthenticated attackers could exploit the flaw to execute arbitrary code or commands via specially crafted requests. It affects various versions of FortiManager and FortiManager Cloud, as well as some older FortiAnalyzer models. “Reports have shown this vulnerability … More → The post Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/10/24/cve-2024-47575/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-47575 Missing Authentication for Critical Function vulnerability in Fortinet Fortimanager and Fortimanager Cloud
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
network
low complexity
fortinet CWE-306
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 77 17 332 293 84 726