PT-2024-7217 · Fortinet · Fortigate+2

Published: 2024-10-23 · Updated: 2026-01-29 · CVE-2024-47575

CVSS v2.0: 10 (Critical) · AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiManager versions 6.2.0 through 6.2.12
FortiManager versions 6.4.0 through 6.4.14
FortiManager versions 7.0.0 through 7.0.12
FortiManager versions 7.2.0 through 7.2.7
FortiManager versions 7.4.0 through 7.4.4
FortiManager version 7.6.0
FortiManager Cloud versions 6.4.1 through 6.4.7
FortiManager Cloud versions 7.0.1 through 7.0.12
FortiManager Cloud versions 7.2.1 through 7.2.7
FortiManager Cloud versions 7.4.1 through 7.4.4

Description

The vulnerability is a missing authentication for a critical function in FortiManager, which allows remote, unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. This issue has been actively exploited in the wild, with over 15,000 FortiGate devices reportedly breached, resulting in the theft of IPs and credentials. The vulnerability affects various versions of FortiManager and FortiManager Cloud; updating to the latest version is recommended to mitigate the risk.

Recommendations

For FortiManager versions 6.2.0 through 6.2.12, update to a version outside of this range.
For FortiManager versions 6.4.0 through 6.4.14, update to a version outside of this range.
For FortiManager versions 7.0.0 through 7.0.12, update to a version outside of this range.
For FortiManager versions 7.2.0 through 7.2.7, update to a version outside of this range.
For FortiManager versions 7.4.0 through 7.4.4, update to a version outside of this range.
For FortiManager version 7.6.0, update to a version outside of this range.
For FortiManager Cloud versions 6.4.1 through 6.4.7, update to a version outside of this range.
For FortiManager Cloud versions 7.0.1 through 7.0.12, update to a version outside of this range.
For FortiManager Cloud versions 7.2.1 through 7.2.7, update to a version outside of this range.
For FortiManager Cloud versions 7.4.1 through 7.4.4, update to a version outside of this range.
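To turn the version ranges above into an inventory check, here is an added example (not part of this advisory entry) that encodes the listed FortiManager and FortiManager Cloud ranges as inclusive bounds and flags any host whose version falls inside one. The hostnames and versions in the sample inventory are constructed for illustration.

```python
# Added example, not from the advisory: check FortiManager / FortiManager Cloud
# version strings against the affected ranges listed for CVE-2024-47575.
# Ranges are inclusive, as the entry states them ("6.2.0 through 6.2.12").
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# (first, last) affected builds per product, copied from the entry above.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiManager": [
        ("6.2.0", "6.2.12"), ("6.4.0", "6.4.14"), ("7.0.0", "7.0.12"),
        ("7.2.0", "7.2.7"), ("7.4.0", "7.4.4"), ("7.6.0", "7.6.0"),
    ],
    "FortiManager Cloud": [
        ("6.4.1", "6.4.7"), ("7.0.1", "7.0.12"),
        ("7.2.1", "7.2.7"), ("7.4.1", "7.4.4"),
    ],
}

def parse_version(text: str) -> Version:
    """Turn '7.4.3' or 'v7.4.3' into (7, 4, 3); reject non-numeric input."""
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product: str, version: str) -> bool:
    """True if version lies inside any inclusive affected range for product."""
    if product not in AFFECTED:
        # Fail loudly rather than silently treating an unknown product as safe.
        raise ValueError(f"no affected ranges recorded for {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED[product])

def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, product, version) entries still on an affected build."""
    return [entry for entry in inventory if is_affected(entry[1], entry[2])]

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [("fmg-01", "FortiManager", "7.4.3"),
              ("fmg-02", "FortiManager", "7.4.5"),
              ("fmgc-01", "FortiManager Cloud", "7.0.0")]
    for host, product, version in triage(sample):
        print(f"{host}: {product} {version} is inside an affected range")
```

Note that FortiManager Cloud 7.0.0 is not in the listed Cloud range (which starts at 7.0.1), so the check only flags exactly what the entry lists; confirm any boundary case against the vendor advisory.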

Exploit

Fix

RCE

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2024-08556
CVE-2024-47575
FORTINETFGFM_CVE2024_47575

Affected Products

Fortigate
Fortimanager
Fortimanager Cloud