Critical Bug Exploited in Fortinet’s Management Console

October 24, 2024 at 04:25PM A critical vulnerability (CVE-2024-47575) in Fortinet’s FortiManager has been exploited by threat actor UNC5820, compromising over 50 devices. This flaw allows unauthorized access and manipulation, raising security concerns. Though sensitive information was extracted, no follow-up attacks have been reported. Immediate forensic investigations and remediation efforts are advised. ### Meeting Takeaways … Read more

Mandiant says new Fortinet flaw has been exploited since June

October 24, 2024 at 10:04AM A vulnerability in Fortinet’s FortiManager, tracked as CVE-2024-47575, has been exploited since June 2024, allowing unauthorized access to servers. Mandiant identified the threat actor UNC5820, who stole sensitive configuration data. Fortinet has released patches and mitigation strategies to protect against further exploitation. ### Meeting Takeaways on Fortinet FortiManager Vulnerability (CVE-2024-47575) … Read more

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

October 24, 2024 at 04:06AM Fortinet has identified a critical vulnerability (CVE-2024-47575) in FortiManager, affecting multiple versions and potentially exploited by remote attackers. The flaw allows unauthorized code execution. Fortinet recommends workarounds and has included the issue in the U.S. CISA’s Known Exploited Vulnerabilities catalog, requiring federal agencies to act by November 13, 2024. ### … Read more

Warning! FortiManager critical vulnerability under active attack

October 23, 2024 at 06:56PM Fortinet disclosed a critical flaw (CVE-2024-47575) in its FortiManager software, allowing remote attackers to execute arbitrary code. With a CVSS score of 9.8, it’s actively exploited. Users are urged to update their software immediately. CISA added it to its Known Exploited Vulnerabilities Catalog, warning of significant user exposure. **Meeting Notes … Read more

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

October 23, 2024 at 11:07AM Fortinet disclosed a critical API vulnerability, CVE-2024-47575, in FortiManager, exploited in zero-day attacks to steal sensitive data. The company privately alerted customers on October 13, but details leaked online. The flaw, affecting multiple versions, allows unauthorized command execution, posing risks for corporate networks. Mitigations and patches are available. ### Meeting … Read more