About the Vulnerability

Introduction

Fortinet FortiManager is a centralized management solution provided by Fortinet, specifically designed for managing and configuring Fortinet security devices, such as the FortiGate firewall.

Summary

On October 24, 2024, Sangfor FarSight Labs received notification that a Fortinet-FortiManager component contains information of authentication vulnerability(CVE-2024-47575), classified as critical in threat level.

Fortinet FortiManager's fgfmd daemon contains an authentication vulnerability that can be exploited by unauthorized attackers to obtain sensitive account information, potentially allowing them to execute arbitrary code and compromise the server. This vulnerability has been confirmed to be exploited in the wild.

Affected Versions

FortiManager 7.6.0

7.4.0 ≤ FortiManager ≤ 7.4.4

7.2.0 ≤ FortiManager ≤ 7.2.7

6.4.0 ≤ FortiManager ≤ 6.4.14

6.2.0 ≤ FortiManager ≤ 6.2.12

7.4.1 ≤ FortiManager Cloud≤ 7.4.4

7.2.1 ≤ FortiManager Cloud≤ 7.2.7

7.0.1 ≤ FortiManager Cloud≤ 7.0.12

6.4.0 ≤ FortiManager Cloud < 6.5.0

Solutions

Remediation Solutions

Official Remediation

Secure Versions:

FortiManager 7.6.0

7.4.0 ≤ FortiManager ≤ 7.4.4

7.2.0 ≤ FortiManager ≤ 7.2.7

7.6.1 ≤ FortiManager

7.4.5 ≤ FortiManager

7.2.8 ≤ FortiManager

7.0.13 ≤ FortiManage

6.4.15 ≤ FortiManager

6.2.13 ≤ FortiManager及以上

7.4.5 ≤ FortiManager Cloud

7.2.8 ≤ FortiManager Cloud

7.0.13 ≤ FortiManager Cloud

Temporary Solution

  1. Prohibit the registration attempts by unknown devices in FortiManager versions 7.0.12 and above, 7.2.5 and above, and 7.4.3 and above (excluding 7.6.0)

config system global

(global)# set fgfm-deny-unknown enable

(global)# end

  1. You can add local policy settings for FortiGate IP whitelists in FortiManager versions 7.2.0 and above.

config system local-in-policy

edit 1

set action accept

set dport 541

set src

next

edit 2

set dport 541

next

end

  1. you can set up custom certificates to mitigate the impact of vulnerabilities in versions 7.2.2 and above, 7.4.0 and above, and 7.6.0 and above

config system global

set fgfm-ca-cert

set fgfm-cert-exclusive enable

End

Official Solution

Affected users are recommended to update FortiManager or FortiManager Cloud to the secure version.

Download link: https://www.fortinet.com/products/management/fortimanager

Timeline

On October 24, 2024, Sangfor FarSight Labs received notification of Fortinet FortiManager authentication vulnerability.

On October 24, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://www.fortiguard.com/psirt/FG-IR-24-423

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

CVE-2024-38819: Path Traversal Vulnerability

Date : 19 Oct 2024
Read Now

CVE-2024-40766: SonicWALL SonicOS Access Control Flaw Vulnerability

Date : 12 Sep 2024
Read Now

CVE-2024-38063: Windows TCP/IP Remote Execution Code Vulnerability

Date : 09 Sep 2024
Read Now

See Other Product

Platform-X
Sangfor Access Secure
Sangfor SSL VPN
Best Darktrace Cyber Security Competitors and Alternatives in 2024
Sangfor Omni-Command
Replace your Enterprise NGAV with Sangfor Endpoint Secure