Note: This Emerging Threat is also published in the new Fortra Security & Trust Center - the new location for all Emerging Threats beginning in January 2025. Refer to Emerging Threats Moving to Fortra.com for more information on following Emerging Threats in their new location.
Fortra is actively researching a new vulnerability in FortiManager – CVE-2024-47575. A critical function in the FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute code or commands via specially crafted requests. FortiGuard has released updates for FortiManager to address this vulnerability, and customers should apply them to their systems as soon as possible.
Who is affected?
The following versions of FortiManager are affected by this vulnerability.
- FortiManager 7.6
- FortiManager 7.4 through 7.4.4
- FortiManager 7.2 through 7.2.7
- FortiManager 7.0 through 7.0.12
- FortiManager 6.4 through 6.4.14
- FortiManager 6.2 through 6.2.12
- FortiManager Cloud 7.4.1 through 7.4.4
- FortiManager Cloud 7.2.1 through 7.2.7
- FortiManager Cloud 7.0.1 through 7.0.12
- FortiManager Cloud 6.4 all versions
Note: FortiManager Cloud 7.6 is not affected.
What can I do?
FortiGuard has released updates to address this vulnerability. Customers should update to one of the following versions as soon as possible.
| Version | Solution |
| --- | --- |
| FortiManager 7.6 | Upgrade to 7.6.1 or above |
| FortiManager 7.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.2 | Upgrade to 7.2.8 or above |
| FortiManager 7.0 | Upgrade to 7.0.13 or above |
| FortiManager 6.4 | Upgrade to 6.4.15 or above |
| FortiManager 6.2 | Upgrade to 6.2.13 or above |
| FortiManager Cloud 7.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.2 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.0 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 6.4 | Migrate to a fixed release |
A workaround is also available for customers who cannot upgrade immediately. For more information about the updates and the workaround, refer to FortiGuard’s advisory.
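The affected-version list and the upgrade table above can be applied to an asset inventory mechanically. The Python below is an added example, not Fortra or Fortinet code: the ranges are transcribed from this page, while the host names and version strings in the inventory are constructed.

```python
import re

# (product, branch) -> (lowest affected, first fixed or None), transcribed from this page.
RANGES = {
    ("FortiManager", (7, 6)): ((7, 6, 0), (7, 6, 1)),
    ("FortiManager", (7, 4)): ((7, 4, 0), (7, 4, 5)),
    ("FortiManager", (7, 2)): ((7, 2, 0), (7, 2, 8)),
    ("FortiManager", (7, 0)): ((7, 0, 0), (7, 0, 13)),
    ("FortiManager", (6, 4)): ((6, 4, 0), (6, 4, 15)),
    ("FortiManager", (6, 2)): ((6, 2, 0), (6, 2, 13)),
    ("FortiManager Cloud", (7, 4)): ((7, 4, 1), (7, 4, 5)),
    ("FortiManager Cloud", (7, 2)): ((7, 2, 1), (7, 2, 8)),
    ("FortiManager Cloud", (7, 0)): ((7, 0, 1), (7, 0, 13)),
    ("FortiManager Cloud", (6, 4)): ((6, 4, 0), None),  # all versions, no in-branch fix
}
NOT_AFFECTED_BRANCHES = {("FortiManager Cloud", (7, 6))}

def triage(product, version_text):
    # Returns (status, action) for one inventory row.
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", version_text)
    if not m:
        return ("unknown", "no version number found")
    branch = (int(m.group(1)), int(m.group(2)))
    if (product, branch) in NOT_AFFECTED_BRANCHES:
        return ("not affected", "none")
    if (product, branch) not in RANGES:
        return ("not listed", "branch is not in the lists above; check the vendor advisory")
    low, fixed = RANGES[(product, branch)]
    if fixed is None:
        return ("affected", "Migrate to a fixed release")
    if m.group(3) is None:
        return ("unknown", "patch level missing; record the full x.y.z version")
    version = branch + (int(m.group(3)),)
    if version >= fixed:
        return ("not affected", "none")
    if version >= low:
        return ("affected", "Upgrade to %d.%d.%d or above" % fixed)
    return ("not listed", "below the lowest listed release; check the vendor advisory")

# Constructed inventory rows (hypothetical hosts and version strings).
INVENTORY = [
    ("fmg-core", "FortiManager", "v7.4.4-build2550"),
    ("fmg-lab", "FortiManager", "7.2.8"),
    ("fmg-cloud-a", "FortiManager Cloud", "7.6.0"),
    ("fmg-cloud-b", "FortiManager Cloud", "6.4.7"),
    ("fmg-old", "FortiManager", "7.0"),
]
if __name__ == "__main__":
    for host, product, ver in INVENTORY:
        print(host, product, ver, *triage(product, ver), sep=" | ")
```

Rows that come back as "unknown" or "not listed" need a manual check against FortiGuard's advisory rather than being treated as safe.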
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Alert Logic Vulnerability Scanning: Alert Logic released authenticated scan coverage on October 25, 2024, to identify vulnerable versions of FortiManager.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.
10/25/2024: Alert Logic released authenticated scan coverage to identify vulnerable versions of FortiManager.