FortiManager: missing authentication for critical function (CVE-2024-47575)


CVE-2024-47575 is a new critical vulnerability in FortiManager and FortiManager Cloud that allows an attacker to execute arbitrary code or commands through specially crafted requests. The root cause is missing authentication for certain critical functions. The specific tools used in any potential attacks remain unknown, but users of the affected FortiManager versions should be alerted, as exploitation could severely compromise their systems. As an emerging zero-day vulnerability, identified less than a day ago, it poses a significant risk without prior warning.


Remediation and exploitation details

This chain involves the following actors

The following systems are involved

Attack entry point

Remediation actions

Exploitation actions


CVE database technical details

CVE ID: CVE-2024-47575

Description: A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Provider: fortinet

CWE / problem types: Execute unauthorized code or commands

Affected Software Versions (Fortinet FortiManager, status: affected):
  7.6.0
  7.4.0 through 7.4.4
  7.2.0 through 7.2.7
  7.0.0 through 7.0.12
  6.4.0 through 6.4.14
  6.2.0 through 6.2.12

Date Published: 2024-10-23T15:03:48.798Z

Last Updated: 2024-11-07T07:41:45.283Z