Fortinet issues private notifications to FortiManager customers to patch an undisclosed flaw
Take action: If you are running Fortinet FortiManager, reach out to your account manager for details on the advisory, and review configuration so it restricting device registrations to known serial numbers and isolate it to be accessible from trusted networks. And update immediately to the latest patched version of FortiManager.
Learn More
Fortinet has released critical security updates for FortiManager to address a severe vulnerability that is reportedly being exploited by Chinese threat actors. The flaw is dubbed "FortiJump".
The company notified select customers privately and provided temporary mitigation advice, which included configuring FortiManager to prevent devices with unknown serial numbers from registering or connecting. While specific details about the vulnerability and its CVE identifier have not been publicly disclosed, the suggested mitigations imply that the issue may reside in the "Fortigate to FortiManager" (fgfm) connection or communication management capabilities.
To ensure the security of your systems, it's imperative that customers apply the latest patches to FortiManager as soon as they become available. In the interim, consider implementing the recommended mitigations, such as restricting device registrations to known serial numbers and limiting access to FortiManager installations.
Update - as of 23rd of October 2024, Fortinet reports the flaw as CVE-2024-47575 (CVSS score 9.8) - Missing authentication for critical function. The vulnerability enables remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests to FortiManager.
Affected Versions:
- FortiManager versions: 6.2.0 to 6.2.12, 6.4.0 to 6.4.14, 7.0.0 to 7.0.12, 7.2.0 to 7.2.7, 7.4.0 to 7.4.4, 7.6.0, and FortiManager Cloud 6.4, 7.0, 7.2, 7.4.
First Patched Versions:
- FortiManager 6.2.13, 6.4.15, 7.0.13, 7.2.8, 7.4.5, and 7.6.1.
- FortiManager Cloud 7.2.8, 7.4.5, and 7.6.1.
