About the Vulnerability

Introduction

Fortinet FortiManager is a centralized management solution provided by Fortinet, specifically designed for managing and configuring Fortinet security devices, such as the FortiGate firewall.

Summary

On October 24, 2024, Sangfor FarSight Labs received notification of an authentication vulnerability (CVE-2024-47575) in a Fortinet FortiManager component, rated critical in threat level.

Fortinet FortiManager's fgfmd daemon contains an authentication vulnerability that can be exploited by unauthorized attackers to obtain sensitive account information, potentially allowing them to execute arbitrary code and compromise the server. This vulnerability has been confirmed to be exploited in the wild.

Affected Versions

FortiManager 7.6.0

7.4.0 ≤ FortiManager ≤ 7.4.4

7.2.0 ≤ FortiManager ≤ 7.2.7

6.4.0 ≤ FortiManager ≤ 6.4.14

6.2.0 ≤ FortiManager ≤ 6.2.12

7.4.1 ≤ FortiManager Cloud ≤ 7.4.4

7.2.1 ≤ FortiManager Cloud ≤ 7.2.7

7.0.1 ≤ FortiManager Cloud ≤ 7.0.12

6.4.0 ≤ FortiManager Cloud < 6.5.0
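To turn the version ranges above into a repeatable triage step, the following Python helper (an added example, not part of the Sangfor or Fortinet advisory) flags FortiManager and FortiManager Cloud entries from an inventory that fall inside the affected ranges. The hostnames and versions in SAMPLE_INVENTORY are constructed for illustration; note that the 6.4.x Cloud range has an exclusive upper bound (< 6.5.0) while all other ranges are inclusive.

```python
# Added example: check FortiManager / FortiManager Cloud versions against the
# CVE-2024-47575 affected ranges listed in the advisory above.

def parse_version(text: str) -> tuple:
    """'7.4.3' -> (7, 4, 3). Tolerates a leading 'v' and a build suffix such as
    '7.4.3-build1234'; short versions like '7.4' are padded to three components."""
    core = text.strip().lstrip("vV").split("-")[0].split(" ")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

# (lowest affected, highest affected, upper bound inclusive?) per product,
# transcribed from the "Affected Versions" section.
AFFECTED = {
    "FortiManager": [
        ("7.6.0", "7.6.0", True),
        ("7.4.0", "7.4.4", True),
        ("7.2.0", "7.2.7", True),
        ("6.4.0", "6.4.14", True),
        ("6.2.0", "6.2.12", True),
    ],
    "FortiManager Cloud": [
        ("7.4.1", "7.4.4", True),
        ("7.2.1", "7.2.7", True),
        ("7.0.1", "7.0.12", True),
        ("6.4.0", "6.5.0", False),  # 6.4.0 <= version < 6.5.0
    ],
}

def is_affected(product: str, version: str) -> bool:
    """True if the version lies inside any listed affected range for the product."""
    v = parse_version(version)
    for lo, hi, hi_inclusive in AFFECTED[product]:
        lo_t, hi_t = parse_version(lo), parse_version(hi)
        if lo_t <= v and (v <= hi_t if hi_inclusive else v < hi_t):
            return True
    return False

def triage(inventory):
    """Return the (hostname, product, version) entries that still need patching."""
    return [(h, p, v) for h, p, v in inventory if is_affected(p, v)]

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fmg-hq", "FortiManager", "7.4.3"),
    ("fmg-dr", "FortiManager", "7.4.5"),
    ("fmg-lab", "FortiManager", "v6.4.14-build2456"),
    ("fmg-cloud-1", "FortiManager Cloud", "6.4.9"),
    ("fmg-cloud-2", "FortiManager Cloud", "7.0.13"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by CVE-2024-47575")
```

A version match only says the build is in scope; whether the fgfmd service (TCP 541) is reachable by untrusted networks determines the actual exposure.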

Solutions

Remediation Solutions

Official Remediation

Secure Versions:

7.6.1 ≤ FortiManager

7.4.5 ≤ FortiManager

7.2.8 ≤ FortiManager

7.0.13 ≤ FortiManager

6.4.15 ≤ FortiManager

6.2.13 ≤ FortiManager

7.4.5 ≤ FortiManager Cloud

7.2.8 ≤ FortiManager Cloud

7.0.13 ≤ FortiManager Cloud

Temporary Solution

  1. Prohibit registration attempts by unknown devices (FortiManager 7.0.12 and above, 7.2.5 and above, and 7.4.3 and above; not available in 7.6.0):

config system global
(global)# set fgfm-deny-unknown enable
(global)# end

  2. Add a local-in policy that only accepts FGFM connections (TCP port 541) from the IP addresses of your FortiGate devices (FortiManager 7.2.0 and above). Replace the placeholder in angle brackets with your own FortiGate addresses; the second entry, with no accept action, drops all other traffic to port 541:

config system local-in-policy
    edit 1
        set action accept
        set dport 541
        set src <your FortiGate IP addresses>
    next
    edit 2
        set dport 541
    next
end

  3. Configure a custom certificate to mitigate the impact of the vulnerability (FortiManager 7.2.2 and above, 7.4.0 and above, and 7.6.0 and above). The placeholder in angle brackets stands for the name of your own CA certificate:

config system global
    set fgfm-ca-cert <CA certificate name>
    set fgfm-cert-exclusive enable
end

Official Solution

Affected users are recommended to update FortiManager or FortiManager Cloud to the secure version.

Download link: https://www.fortinet.com/products/management/fortimanager

Timeline

On October 24, 2024, Sangfor FarSight Labs received notification of Fortinet FortiManager authentication vulnerability.

On October 24, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://www.fortiguard.com/psirt/FG-IR-24-423
