#FortiManager

Mandiant says new Fortinet flaw has been exploited since June

by

October 24, 2024 at 10:04AM A vulnerability in Fortinet’s FortiManager, tracked as CVE-2024-47575, has been exploited since June 2024, allowing unauthorized access to servers. Mandiant identified the threat actor UNC5820, who stole sensitive configuration data. Fortinet has released patches and mitigation strategies to protect against further exploitation. ### Meeting Takeaways on Fortinet FortiManager Vulnerability (CVE-2024-47575) … Read more

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

by

October 24, 2024 at 04:06AM Fortinet has identified a critical vulnerability (CVE-2024-47575) in FortiManager, affecting multiple versions and potentially exploited by remote attackers. The flaw allows unauthorized code execution. Fortinet recommends workarounds and has included the issue in the U.S. CISA’s Known Exploited Vulnerabilities catalog, requiring federal agencies to act by November 13, 2024. ### … Read more

Warning! FortiManager critical vulnerability under active attack

by

October 23, 2024 at 06:56PM Fortinet disclosed a critical flaw (CVE-2024-47575) in its FortiManager software, allowing remote attackers to execute arbitrary code. With a CVSS score of 9.8, it’s actively exploited. Users are urged to update their software immediately. CISA added it to its Known Exploited Vulnerabilities Catalog, warning of significant user exposure. **Meeting Notes … Read more

Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems

by

October 23, 2024 at 04:07PM Fortinet has confirmed zero-day exploits targeting a remote code execution vulnerability in the FortiManager platform, which has a CVSS severity score of 9.8/10. The information was reported by SecurityWeek. ### Meeting Takeaways – **Subject**: Zero-Day Exploit in FortiManager – **Vendor**: Fortinet – **Issue**: Confirmation of zero-day exploits affecting a remote … Read more

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

by

October 23, 2024 at 11:07AM Fortinet disclosed a critical API vulnerability, CVE-2024-47575, in FortiManager, exploited in zero-day attacks to steal sensitive data. The company privately alerted customers on October 13, but details leaked online. The flaw, affecting multiple versions, allows unauthorized command execution, posing risks for corporate networks. Mitigations and patches are available. ### Meeting … Read more