Fortinet has disclosed a critical vulnerability in its FortiManager software, tracked as CVE-2024-47575, that attackers are actively exploiting. FortiManager is the platform organizations use to centrally manage FortiGate firewalls and other Fortinet devices. The flaw is a missing authentication check in the fgfmd daemon, which handles device registration over the FortiGate-to-FortiManager (FGFM) protocol; it lets an unauthenticated attacker who can present a valid Fortinet device certificate register a rogue device with the manager and from there exfiltrate sensitive data, including managed-device IPs, credentials, and configuration files.
The flaw, which carries a CVSS score of 9.8 (critical), lets attackers execute arbitrary code or commands on the manager and pull extensive data from FortiManager and FortiManager Cloud. Fortinet initially informed customers privately on October 13 but issued a public advisory only after concern mounted on social media. In the advisory, Fortinet confirmed the vulnerability, listed fixed versions, and published workarounds for customers who cannot patch immediately, including a setting that makes FortiManager refuse registration attempts from devices it does not already know (set fgfm-deny-unknown enable under config system global) and local-in policies that restrict the FGFM port, TCP 541, to the addresses of known FortiGates.
Cybersecurity firm Mandiant, working with Fortinet, has observed exploitation of the vulnerability by a threat cluster it tracks as UNC5820. Mandiant traced the earliest signs of exploitation to late June 2024, with a resurgence of activity in September. UNC5820 reportedly used the bug to stage and exfiltrate configuration data, including user credentials, for the FortiGate devices managed by the compromised FortiManager instances.
Google Cloud, Mandiant's parent company, recently alerted affected customers, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation by adding the bug to its Known Exploited Vulnerabilities catalog, giving federal civilian agencies until November 13 to patch. Meanwhile, security researcher Kevin Beaumont, who has tracked the bug since it surfaced, reported that nation-state actors may be using it in combination with CVE-2024-23113, a format-string vulnerability in the same fgfmd daemon disclosed in February, as an entry point for broader access.
Beaumont warned that FortiManager, which Managed Service Providers (MSPs) commonly use to administer many customers' firewalls, is a powerful pivot point if compromised: the manager holds the credentials and configurations of every FortiGate it manages, so an attacker who controls it can move from there into the networks behind those firewalls. He estimates roughly 60,000 FortiManager instances are exposed to the internet, more than 13,200 of them in the U.S.
Many Fortinet customers voiced frustration at the delayed public disclosure, with complaints piling up on platforms such as Reddit. With attacks ongoing, Fortinet and CISA urge every organization running FortiManager to patch now and to conduct a forensic review of each instance, in particular checking the device-manager event logs for registrations or edits of devices the organization never added, since a rogue device registration is the footprint this attack leaves on the manager.
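As an added example (this is not code from Fortinet, Mandiant, CISA or the author of this piece), the Python below sketches the two checks a practitioner would run after reading the advisory's workarounds and the investigation guidance above: it parses FortiManager-style key=value event lines and flags device-manager events that show a device being registered or edited under the name localhost, the pattern Fortinet's advisory FG-IR-24-423 lists as a log indicator, and it checks config system global output for the fgfm-deny-unknown enable workaround. The sample log lines and configuration text are constructed for the example, modelled on the advisory's published format rather than copied from a real system; the exact indicator strings should be verified against the current advisory, which also lists further indicators (a rogue serial number and dropped files) that this snippet does not cover.

```python
"""
Post-advisory triage for FortiManager and CVE-2024-47575: scan device-manager
event logs for rogue-registration indicators and check whether the
fgfm-deny-unknown workaround is applied.  Added example, not Fortinet's,
Mandiant's or CISA's code.
"""
import re
from dataclasses import dataclass, field

# Message fragments modelled on the log indicators in Fortinet's advisory
# FG-IR-24-423.  Verify against the current advisory before relying on them.
SUSPICIOUS_MSGS = (
    "Unregistered device localhost add succeeded",
    "Edit device (localhost)",
)

# key=value or key="quoted value"; an unquoted value ends at a comma or space.
KV_RE = re.compile(r'([\w-]+)=("([^"]*)"|[^,\s]+)')


def parse_kv(line: str) -> dict:
    """Parse one FortiManager-style key=value event line into a dict."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields


@dataclass
class Finding:
    line_no: int
    reason: str
    fields: dict = field(default_factory=dict)


def triage(lines) -> list:
    """Flag device-manager (subtype=dvm) events consistent with an
    unauthenticated FGFM registration of an attacker-controlled device."""
    findings = []
    for n, line in enumerate(lines, 1):
        f = parse_kv(line)
        if f.get("subtype") != "dvm":
            continue  # only device-manager events are relevant to this bug
        msg = f.get("msg", "")
        if any(s in msg for s in SUSPICIOUS_MSGS):
            findings.append(Finding(n, "advisory log indicator: " + msg, f))
        elif "localhost" in (f.get("device"), f.get("performed_on")):
            # No legitimately managed FortiGate is named 'localhost'.
            findings.append(Finding(n, "device-manager action on 'localhost'", f))
    return findings


def deny_unknown_enabled(show_system_global: str) -> bool:
    """True if `show system global` output has fgfm-deny-unknown enabled.
    Assumption: `show` omits defaults and the default is disable, so a
    missing line means the workaround is NOT applied."""
    for raw in show_system_global.splitlines():
        parts = raw.split()
        if parts[:2] == ["set", "fgfm-deny-unknown"]:
            return parts[2:] == ["enable"]
    return False


# --- constructed sample input (not real logs or a real configuration) -------
SAMPLE_LOG = [
    'type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",'
    'user="admin",msg="Add device (FGT60F-branch)" device="FGT60F-branch" adom="root" '
    'session_id=11 operation="Add device" performed_on="FGT60F-branch"',
    'type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",'
    'user="device",msg="Unregistered device localhost add succeeded" device="localhost" '
    'adom="FortiManager" session_id=3 operation="Add device" performed_on="localhost"',
    'type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",'
    'user="device",msg="Edit device (localhost)" device="localhost" adom="FortiManager" '
    'session_id=3 operation="Edit device" performed_on="localhost"',
    'type=event,subtype=system,pri=information,desc="System,login",user="admin",'
    'msg="login succeeded from 10.0.0.5"',
    'type=event,subtype=dvm,pri=notice,desc="Device,manager,generic,information,log",'
    'user="device",msg="Delete device (localhost)" device="localhost" adom="FortiManager" '
    'session_id=3 operation="Delete device" performed_on="localhost"',
]

SHOW_GLOBAL_WEAK = """config system global
    set hostname "fmg-prod"
end
"""

SHOW_GLOBAL_HARDENED = """config system global
    set hostname "fmg-prod"
    set fgfm-deny-unknown enable
end
"""

if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print(f"line {fnd.line_no}: {fnd.reason}")
    for name, cfg in (("weak", SHOW_GLOBAL_WEAK), ("hardened", SHOW_GLOBAL_HARDENED)):
        print(f"{name}: fgfm-deny-unknown enabled = {deny_unknown_enabled(cfg)}")
```

Run it against an export of the FortiManager event log (one event per line) and the output of show system global from the CLI. A hit is a reason to open a full investigation, not proof of compromise, and a clean log is not proof of safety: an attacker who gained code execution on the manager can clear or alter local logs, so logs forwarded to an external collector are the ones to trust.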

