CVE-2024-47575 - Fortinet FortiManager Missing Authentication Vulnerability
Project: Fortinet
Product: FortiManager
Date Added: 2024-10-23
Due Date: 2024-11-13
Vulnerability Name
Fortinet FortiManager Missing Authentication Vulnerability
Description
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://fortiguard.fortinet.com/psirt/FG-IR-24-423
https://nvd.nist.gov/vuln/detail/CVE-2024-47575
Related News Articles
Critical FortiSwitch flaw lets hackers change admin passwords remotely - April 10, 2025
Fortinet warns of auth bypass zero-day exploited to hijack firewalls - January 14, 2025
Mandiant says new Fortinet flaw has been exploited since June - October 24, 2024
Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation - October 24, 2024