A critical vulnerability discovered in Fortinet Inc.’s FortiManager is being exploited in the wild, and users are being advised to implement changes to protect against the threat.

The vulnerability, tracked as CVE-2024-47575, affects Fortinet’s FortiManager platform versions prior to 7.6.1. Dubbed “FortiJump,” the vulnerability allows remote unauthenticated attackers to execute arbitrary code by exploiting weaknesses in the FortiGate-to-FortiManager protocol. The flaw allows attackers to register unauthorized devices, modify configuration files and potentially manage other networked devices.

Emphasizing its serious nature, the vulnerability has been assigned a Common Vulnerability Scoring System score of 9.8, which is critical on the CVSS scoring system. Fortinet has confirmed that the vulnerability is actively being exploited in the wild.

“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager, which contained the IPs, credentials and configurations of the managed devices,” Fortinet said today in an advisory.

Though patches are available for some affected versions, administrators are being strongly advised to implement recommended mitigations if immediate patching is not feasible. The recommended patches include creating IP allow lists for authorized FortiGate devices and using custom certificates to reduce exposure.

FortiManager is a centralized management platform used to control Fortinet’s security devices, including firewalls, switches and access points. The service allows administrators to streamline security operations by providing tools for configuration management, policy updates and device monitoring across large networks. The platform also supports automation and orchestration to simplify complex network environments, enhancing security response and visibility.

Victor Acin, head of threat intelligence at cybersecurity and risk management solutions provider Outpost24 AB, told SiliconANGLE via email that the vulnerability is “a clear example of how sophisticated zero-day attacks can target critical infrastructure.”

“This flaw, which allows unauthorized access to sensitive configuration files and credentials, underscores the importance of continuous monitoring and vigilance in cybersecurity,” Acin said. “As attackers become more advanced, organizations must prioritize rapid detection and response to mitigate potential damage.”

Photo: Johannes Weber/Flickr