October 24, 2024 at 04:06AM
Fortinet has identified a critical vulnerability (CVE-2024-47575) in FortiManager, affecting multiple versions and potentially exploited by remote attackers. The flaw allows unauthorized code execution. Fortinet recommends workarounds and has included the issue in the U.S. CISA’s Known Exploited Vulnerabilities catalog, requiring federal agencies to act by November 13, 2024.
### Meeting Takeaways – Oct 24, 2024: Vulnerability/Network Security
1. **Critical Security Flaw Identified**:
– Fortinet has acknowledged a critical vulnerability (CVE-2024-47575, CVSS score: 9.8), widely known as FortiJump, affecting FortiManager software.
2. **Impact Scope**:
– The flaw affects multiple versions of FortiManager (7.x and 6.x) and older FortiAnalyzer models which have certain configurations enabled.
– Key affected hardware includes:
– FortiAnalyzer models: 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E.
3. **Nature of the Vulnerability**:
– The vulnerability allows for remote unauthenticated execution of arbitrary code or commands through specially crafted requests targeting the fgfmd daemon.
4. **Exploitation Details**:
– Attackers require a valid Fortinet device certificate to successfully exploit the vulnerability, which can potentially be reused from existing devices.
– Current attacks involve automated scripts to exfiltrate sensitive information (IP addresses, credentials, configurations) from FortiManager.
5. **Mitigation Workarounds**:
– **For FortiManager versions 7.0.12 and above**: Prevent unknown device registration.
– **For FortiManager versions 7.2.0 and above**: Implement local-in policies to allow specific FortiGate IP addresses.
– **For versions 7.2.2, 7.4.0, and 7.6.0 and above**: Utilize a custom certificate for enhanced security.
6. **CISA Involvement**:
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, imposing a compliance deadline for federal agencies to apply necessary fixes by November 13, 2024.
7. **Fortinet’s Response**:
– Fortinet has promptly communicated with customers regarding the vulnerability and provided appropriate resources and public advisories to reinforce security measures prior to broader advisory dissemination.
8. **Recommendation**:
– All affected users and organizations should implement the recommended workarounds and fixes as soon as possible and monitor Fortinet’s advisory page for further updates.
Following these takeaways is crucial for maintaining network security and protecting sensitive information against potential exploitations.