VTA-004498 – Severe Authentication Bypass Vulnerability in Fortinet FortiManager Allows Remote Code Execution

Fortinet has disclosed a critical vulnerability in FortiManager’s fgfmd daemon, the service that handles the FortiGate-to-FortiManager (FGFM) protocol on TCP port 541. The flaw, tracked as CVE-2024-47575 and classed as a missing authentication for critical function (CWE-306), may allow a remote attacker with no credentials to execute arbitrary code or commands by sending specially crafted requests. Fortinet reports that it is being exploited in the wild; it is rated Critical with a CVSS score of 9.8 and requires urgent action.

Because the fgfmd daemon accepts FGFM connections from devices that have not yet been registered, any FortiManager instance whose port 541 is reachable from an untrusted network is exposed, including FortiManager Cloud deployments. Organizations should treat every unpatched instance as potentially compromised, prioritize patching, and restrict who can reach the FGFM service. Security teams should confirm their exposure, check for signs of prior exploitation, and coordinate with relevant stakeholders on an immediate response plan to limit business impact.

System administrators and network administrators are advised to apply the vendor fix without delay and to maintain the hardening and monitoring measures listed below as standing practice, not only for this incident.

Severity:
High

Attack Surface:
Cloud Service, Others, Remote Access Service, Web Application

References:
1.  https://www.fortiguard.com/psirt/FG-IR-24-423

SuperPRO’s Threat Countermeasures Procedures:
1. Promptly apply the latest security patches to all affected FortiManager instances, as listed in Fortinet’s advisory FG-IR-24-423, to remediate the vulnerability.
2. Restrict access to the FGFM service (TCP port 541) so that only the IP addresses of known, managed FortiGate devices can reach FortiManager, using network segmentation and local-in policies; where the firmware supports it, enable the vendor’s fgfm-deny-unknown setting so that devices with unknown serial numbers cannot register.
3. Continuously monitor FortiManager event logs for unexpected device registrations (in particular a device named “localhost”) and for outbound connections from the FortiManager host to unfamiliar addresses, and keep the incident response team ready to act on any exploitation attempt.
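The following script is an added example for step 3, not part of the original advisory or of Fortinet’s tooling. It parses FortiManager device-manager (dvm) event-log lines and flags the two indicators Fortinet published for this vulnerability in FG-IR-24-423: a device registration for a device named “localhost” (log message “Unregistered device localhost add succeeded”) and a device inventory entry with the placeholder serial number FMG-VD000000. The log lines embedded in the script are constructed for this example from the advisory’s log format; the second, benign line (device FGT60F-BRANCH1) is invented to show that ordinary registrations are not flagged. The field regex and the helper names are this example’s own assumptions.

```python
import re

# Indicators published in Fortinet's FG-IR-24-423 advisory for exploitation of
# CVE-2024-47575: a rogue device registering under the name "localhost", and the
# placeholder serial number that such a device reports.
SUSPICIOUS_MSGS = (
    "Unregistered device localhost add succeeded",
    "Edit device (localhost)",
)
ROGUE_SERIAL = "FMG-VD000000"

# Sample FortiManager event-log lines. These are CONSTRUCTED for this example
# from the advisory's log format; they are not real captured logs. The second
# line is a benign registration included to show it is not flagged.
SAMPLE_LOG = """\
type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",user="device,...",msg="Unregistered device localhost add succeeded" device="localhost" adom="FortiManager" session_id=0 operation="Add device" performed_on="localhost" changes="Unregistered device localhost add succeeded"
type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",user="admin",msg="Add device FGT60F-BRANCH1" device="FGT60F-BRANCH1" adom="root" session_id=1 operation="Add device" performed_on="FGT60F-BRANCH1" changes="Added device via wizard"
type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",user="device,...",msg="Edit device (localhost)" device="localhost" adom="FortiManager" session_id=0 operation="Edit device" performed_on="localhost" changes="Edit device (localhost)"
"""

# key=value pairs; values are either double-quoted (may contain commas and
# spaces) or bare tokens ended by whitespace or a comma. Assumed format.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|[^\s,]+)')


def parse_event(line):
    """Turn one FortiManager log line into a dict of its key=value fields."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def suspicious_reasons(event):
    """Return the list of reasons this parsed event matches the advisory's IoCs."""
    reasons = []
    if event.get("msg") in SUSPICIOUS_MSGS:
        reasons.append(f"message matches advisory indicator: {event['msg']!r}")
    if event.get("subtype") == "dvm" and event.get("device") == "localhost":
        reasons.append("device-manager event for a device named 'localhost'")
    return reasons


def scan_log(text):
    """Scan raw log text; return (line_no, operation, reasons) for each hit."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        event = parse_event(line)
        reasons = suspicious_reasons(event)
        if reasons:
            hits.append((line_no, event.get("operation"), reasons))
    return hits


def rogue_devices(inventory):
    """inventory: iterable of (device_name, serial_number) pairs taken from the
    FortiManager device list. Returns the entries matching the advisory IoCs."""
    return [(name, serial) for name, serial in inventory
            if serial == ROGUE_SERIAL or name == "localhost"]


if __name__ == "__main__":
    for line_no, operation, reasons in scan_log(SAMPLE_LOG):
        print(f"line {line_no} ({operation}):")
        for reason in reasons:
            print(f"  - {reason}")
    # Constructed inventory: one legitimate FortiGate and one rogue entry.
    inventory = [("FGT60F-BRANCH1", "FGT60FTK00000001"), ("localhost", ROGUE_SERIAL)]
    print("rogue inventory entries:", rogue_devices(inventory))
```

Feed it exported FortiManager event logs (or the output of the device list) rather than the embedded sample; a hit is a reason to start incident response, not proof of compromise on its own, since the log message only shows that an unknown device registered. Absence of hits does not prove the instance is clean: an attacker who gained shell access may have altered or removed logs, so pair this check with a review of outbound connections from the FortiManager host.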

Contributed by: Varrumen