Detections
Analytics
CVE-2024-47575
critical
Description
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
From the Tenable Blog
CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud
Published: 2024-10-23
Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.
References
https://www.infosecurity-magazine.com/news/watchtowr-new-vulnerability/
https://securityaffairs.com/170189/hacking/fortijump-flaw-exploited-since-june-2024.html
https://www.securityweek.com/fortinet-confirms-zero-day-exploit-targeting-fortimanager-systems/