• Fortinet admits critical security flaw hitting FortiManager

    From TechnologyDaily@1337:1/100 to All on Thursday, October 24, 2024 11:30:06
    Fortinet admits critical security flaw hitting FortiManager

    Date:
    Thu, 24 Oct 2024 10:21:40 +0000

    Description:
    Workarounds are also available after Fortinet confirms critical-severity vulnerability.

    FULL STORY ======================================================================

    Fortinet has confirmed a critical-severity vulnerability in one of its products, and urged customers to apply the released fix immediately.

    In a security advisory, the cybersecurity company said it uncovered a bug in FortiManager that would allow threat actors to remotely execute arbitrary code, or commands, via specially crafted requests.

    The bug resides in FortiManager's fgfmd daemon, it was added.

    Critical vulnerability

    The vulnerable versions are:

    Fortinet 6.2.0 - 6.2.12, 6.4.0 - 6.4.14, 7.0.0 - 7.0.12, 7.2.0 - 7.2.7, 7.4.0 - 7.4.4, and 7.6.0.

    Furthermore, a few versions of FortiManager Cloud were also said to be vulnerable: All 6.4 versions, 7.0.1 - 7.0.12, 7.2.1 - 7.2.7, and 7.4.1 - 7.4.4.

    FortiManager Cloud 7.6 is not affected.

    The bug is deemed critical, with a severity score of 9.8. It is tracked as CVE-2024-47575, and a fix is already available. Fortinet also said there were three possible workarounds, depending on the versions of the software in use.

    For FortiManager versions 7.0.12 or above, 7.2.5 or above, and 7.4.3 or above (but not 7.6.0), users can prevent unknown devices from attempting to register with the following commands:

        config system global
        (global)# set fgfm-deny-unknown enable
        (global)# end

    For users of FortiManager versions 7.2.0 and above, a workaround is to add local-in policies that whitelist the IP addresses of the FortiGates that are allowed to connect, while for 7.2.2 and above, 7.4.0 and above, and 7.6.0 and above, it is possible to use a custom certificate, which will mitigate the issue.
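    The version ranges and workaround floors above, turned into an inventory triage check. This is an added example, not code from Fortinet or the article; the host names are constructed, and reading "X or above" as "X or later in the same major.minor branch" is an assumption.

```python
import re

# Ranges and floors transcribed from the article (on-premises FortiManager only;
# the 7.4 upper bound is read as 7.4.4).
AFFECTED = [((6, 2, 0), (6, 2, 12)), ((6, 4, 0), (6, 4, 14)), ((7, 0, 0), (7, 0, 12)),
            ((7, 2, 0), (7, 2, 7)), ((7, 4, 0), (7, 4, 4)), ((7, 6, 0), (7, 6, 0))]
# Assumption: "X or above" means X or later within the same major.minor branch.
DENY_UNKNOWN_FLOORS = [(7, 0, 12), (7, 2, 5), (7, 4, 3)]  # article: "but not 7.6.0"
CUSTOM_CERT_FLOORS = [(7, 2, 2), (7, 4, 0), (7, 6, 0)]
LOCAL_IN_FLOOR = (7, 2, 0)  # "7.2.0 and above", read as any later release too

def parse_version(text):
    """Parse 'v7.2.5' or '7.2.5' into (7, 2, 5); reject anything else."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(p) for p in m.groups())

def _meets_branch_floor(v, floors):
    # True when v is in the same major.minor branch as a floor and not older than it.
    return any(v[:2] == f[:2] and v >= f for f in floors)

def triage(version_text):
    """Return affected status and the workarounds the article lists for that version."""
    v = parse_version(version_text)
    affected = any(lo <= v <= hi for lo, hi in AFFECTED)
    workarounds = []
    if affected:
        if _meets_branch_floor(v, DENY_UNKNOWN_FLOORS):
            workarounds.append("fgfm-deny-unknown")
        if v >= LOCAL_IN_FLOOR:
            workarounds.append("local-in-policy")
        if _meets_branch_floor(v, CUSTOM_CERT_FLOORS):
            workarounds.append("custom-certificate")
    return {"version": v, "affected": affected, "workarounds": workarounds}

# Constructed inventory (hypothetical host names and versions).
INVENTORY = {"fmg-dc1": "7.4.3", "fmg-branch": "6.4.14", "fmg-lab": "7.2.1",
             "fmg-new": "7.6.0", "fmg-patched": "7.4.5"}

def needs_upgrade_first(inventory):
    """Affected hosts with no listed workaround: the released fix is the only option."""
    results = {host: triage(ver) for host, ver in inventory.items()}
    return sorted(h for h, r in results.items() if r["affected"] and not r["workarounds"])

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(host, triage(ver))
    print("no workaround available:", needs_upgrade_first(INVENTORY))
```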

    The company claims the bug is already being exploited in the wild, and urges its customers to protect their premises.

    "The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials and configurations of the managed devices," the advisory reads.

    "At this stage, we have not received reports of any low-level system installations of malware or backdoors on these compromised FortiManager systems. To the best of our knowledge, there have been no indicators of modified databases, or connections and modifications to the managed devices."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fortinet-admits-critical-security-flaw-hitting-fortimanager


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)