
‘Act now’ – ACSC issues critical alert for exploited FortiManager vulnerability

The Australian Cyber Security Centre (ACSC) has issued a critical alert for a vulnerability in Fortinet FortiManager devices.

The vulnerability, CVE-2024-47575, allows threat actors to gain access to the FortiManager console, which is used to control security policies and firewalls.

“A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests,” said Fortinet.

For the vulnerability to be abused, a threat actor would need a valid Fortinet device certificate, but this could be sourced from a legitimate box and used over and over, according to runZero director of security research Rob King.

The ACSC has allocated the vulnerability a CVSSv3 score of 9.8. It also said Fortinet is aware of instances where the vulnerability has been actively exploited.

Cyber security firm Rapid7 said its customers have also seen evidence that the vulnerability may have been exploited.

“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager, which contained the IPs, credentials and configurations of the managed devices,” said Fortinet.

Fortinet said users of FortiManager 7.6 and below should update immediately. Additionally, it said managers should be on the lookout for several indications and four IP addresses it has identified as malicious.

“At this stage, we have not received reports of any low-level system installations of malware or backdoors on these compromised FortiManager systems. To the best of our knowledge, there have been no indicators of modified databases or connections and modifications to the managed devices,” it said.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.