SECURITY
SECURITY
SECURITY
Critical vulnerability in Fortinet’s FortiManager exploited in the wild
A critical vulnerability discovered in Fortinet Inc.’s FortiManager is being exploited in the wild, and users are being advised to implement changes to protect against the threat.
The vulnerability, tracked as CVE-2024-47575, affects Fortinet’s FortiManager platform versions prior to 7.6.1. Dubbed “FortiJump,” the vulnerability allows remote unauthenticated attackers to execute arbitrary code by exploiting weaknesses in the FortiGate-to-FortiManager protocol. The flaw allows attackers to register unauthorized devices, modify configuration files and potentially manage other networked devices.
Emphasizing its serious nature, the vulnerability has been assigned a Common Vulnerability Scoring System score of 9.8, which is critical on the CVSS scoring system. Fortinet has confirmed that the vulnerability is actively being exploited in the wild.
“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager, which contained the IPs, credentials and configurations of the managed devices,” Fortinet said today in an advisory.
Though patches are available for some affected versions, administrators are being strongly advised to implement recommended mitigations if immediate patching is not feasible. The recommended patches include creating IP allow lists for authorized FortiGate devices and using custom certificates to reduce exposure.
FortiManager is a centralized management platform used to control Fortinet’s security devices, including firewalls, switches and access points. The service allows administrators to streamline security operations by providing tools for configuration management, policy updates and device monitoring across large networks. The platform also supports automation and orchestration to simplify complex network environments, enhancing security response and visibility.
Victor Acin, head of threat intelligence at cybersecurity and risk management solutions provider Outpost24 AB, told SiliconANGLE via email that the vulnerability is “a clear example of how sophisticated zero-day attacks can target critical infrastructure.”
“This flaw, which allows unauthorized access to sensitive configuration files and credentials, underscores the importance of continuous monitoring and vigilance in cybersecurity,” Acin said. “As attackers become more advanced, organizations must prioritize rapid detection and response to mitigate potential damage.”
Photo: Johannes Weber/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
