DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd
Our reference | DIVD-2024-00044 |
Case lead | Max van der Horst |
Author | Oscar Vlugt |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | |
Recommendation | Upgrade to a non-vulnerable version. If you are running FortiManager Cloud 6.4, migrate to a fixed release. |
Patch status | Available |
Workaround | Available for some versions. Look at the recommendations on https://www.fortiguard.com/psirt/FG-IR-24-423 for your version. |
Status | Open |
Last modified | 24 Oct 2024 11:32 CEST |
Summary
A missing authentication for critical function vulnerability [CWE-306] in the FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability is exploited in the wild.
Recommendations
Upgrade to a non-vulnerable version according to the FortiGuard advisory FG-IR-24-423. If you are unable to either patch or apply the workaround provided by Fortinet, we recommend restricting public access to your instance. We also recommend checking your FortiManager for unrecognised serial numbers and performing forensics on your instance if you find any. Fortinet provides recovery methods in its FortiGuard advisory.
What we are doing
DIVD is researching the vulnerability to determine a reliable fingerprint.
Timeline
Date | Description |
---|---|
24 Oct 2024 | DIVD starts researching the vulnerability to determine a fingerprint |
More information
- CVE-2024-47575
- National Vulnerability Database for CVE-2024-47575
- FortiGuard PSIRT Advisory FG-IR-24-423
- Mandiant Investigation