Security Alerts & CVE Updates

A critical security vulnerability, CVE-2024-47575, has been discovered and actively exploited in Fortinet FortiManager and certain FortiAnalyzer platforms. This vulnerability, rated with a CVSS score of 9.8, allows remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests to the affected systems. Attackers have used automated scripts to exfiltrate sensitive files, including IP addresses, credentials, and configuration data of managed devices1.

Affected platforms include various FortiAnalyzer and FortiManager models, especially those with the FortiManager feature enabled and at least one interface with fgfm service active. Fortinet has confirmed that the vulnerability is being exploited in the wild, with attackers targeting the fgfmd daemon to gain unauthorized access.

NHS England’s National CSOC strongly advises all organizations using affected Fortinet products to immediately review Fortinet’s PSIRT Advisory FG-IR-24-423, apply the latest security updates, and follow the official recovery guidance. If updates cannot be applied right away, temporary workarounds are outlined in the advisory. Organizations should also perform a thorough compromise assessment using the provided indicators of compromise (IoCs), such as suspicious log entries, specific IP addresses, and serial numbers. If malicious activity is detected, urgent contact with CSOC is recommended.

Additional remediation steps include:

Changing all credentials and sensitive data for managed devices, as exfiltration may have occurred.

Carefully reviewing configuration backups before restoring, to ensure no tampering has taken place.

For virtual machine installations, isolating compromised systems and comparing them with clean deployments.

Summary:
This zero-day vulnerability poses a severe risk to organizations using Fortinet FortiManager and related products. Immediate action is required to patch systems, assess for compromise, and secure credentials to prevent further exploitation1.