‘Act Now’: ACSC Issues Critical Alert Over Exploited FortiManager Vulnerability

The Australian Cyber Security Centre (ACSC) has issued a critical alert for a vulnerability in Fortinet FortiManager devices.

The vulnerability, CVE-2024-47575, allows threat actors to gain access to the FortiManager console, which is used to control security policies and firewalls.

“Authentication missing for critical function vulnerability [CWE-306] In FortiManager, the fgfmd daemon may allow an unauthenticated, remote attacker to execute arbitrary code or commands via specially crafted requests,” Fortinet said.

For the vulnerability to be abused, a threat actor would need a valid Fortinet device certificate, but this could be obtained from a legitimate box and used over and over again, according to runZero’s director of security research, Rob King.

The ACSC has assigned the vulnerability a CVSSv3 score of 9.8. It also said that Fortinet is aware of cases where the vulnerability has been actively exploited.

Cybersecurity firm Rapid7 said its customers have also seen evidence that the vulnerability may have been exploited.

“The identified actions of this attack in the wild have been to script-automate the exfiltration of several FortiManager files, which contained the IPs, credentials and configurations of managed devices,” Fortinet said.

Fortinet said users of FortiManager 7.6 and lower should upgrade immediately. Additionally, it said administrators should watch for several indicators of compromise and four IP addresses it has identified as malicious.

“At this time, we have not received reports of any low-level system installations of malware or backdoors on these compromised FortiManager systems. To our knowledge, there have been no indicators of modified databases or connections and modifications to managed devices,” Fortinet said.
