CVERadar

CVE-2024-47575

Critical Severity | Fortinet
SVRS: 94/100
CVSSv3: 9.8/10
EPSS: 0.91287/1

CVE-2024-47575 is a critical authentication bypass vulnerability affecting FortiManager and FortiManager Cloud. This flaw allows attackers to execute arbitrary code or commands through specially crafted requests due to a missing authentication check for critical functions. With a SOCRadar Vulnerability Risk Score (SVRS) of 94, this vulnerability requires immediate attention and remediation. The high SVRS indicates significant real-world risk, factoring in active exploits and threat actor interest observed in the wild. Given the existence of published exploits, organizations using affected FortiManager versions are at high risk of compromise. Successful exploitation could lead to complete system takeover, data breaches, and significant disruption of services, underscoring the urgency of patching or mitigating this vulnerability.

CISA KEV | In The Wild | Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-10-23

2024-11-08

SOCRadar AI Insight

Description

CVE-2024-47575 is a critical vulnerability in FortiManager that allows attackers to execute arbitrary code or commands via specially crafted requests. The vulnerability has a CVSS score of 9.8, indicating its high severity. SOCRadar's SVRS score of 60 highlights the urgency of addressing this threat.

Key Insights

  • Missing Authentication: The vulnerability stems from a missing authentication mechanism for a critical function in FortiManager. This allows attackers to bypass authentication and gain unauthorized access to the system.
  • Remote Code Execution: The vulnerability allows attackers to execute arbitrary code or commands on the affected system. This could lead to a complete compromise of the system, including data theft, system disruption, and malware installation.
  • Active Exploits: Exploits for this vulnerability have been published, indicating that attackers are actively targeting systems.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability, calling for immediate and necessary measures to mitigate the risk.

Mitigation Strategies

  • Apply Software Updates: Install the latest software updates from Fortinet to patch the vulnerability.
  • Enable Authentication: Implement strong authentication mechanisms for critical functions in FortiManager to prevent unauthorized access.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and implement intrusion detection and prevention systems to detect and block malicious requests.
  • Restrict Access: Limit access to critical functions in FortiManager to authorized users only.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
|---|---|---|
| Axi0n1ze/CVE-2024-47575-POC | https://github.com/Axi0n1ze/CVE-2024-47575-POC | 2025-01-05 |
| Fortinet FortiManager Missing Authentication Vulnerability | https://www.cisa.gov/search?g=CVE-2024-47575 | 2024-10-23 |
| zgimszhd61/CVE-2024-47575-POC | https://github.com/zgimszhd61/CVE-2024-47575-POC | 2024-10-29 |
| revanslbw/CVE-2024-47575-POC | https://github.com/revanslbw/CVE-2024-47575-POC | 2025-01-05 |
| Laonhearts/CVE-2024-47575-POC | https://github.com/Laonhearts/CVE-2024-47575-POC | 2025-01-05 |
| watchtowrlabs/Fortijump-Exploit-CVE-2024-47575 | https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575 | 2024-11-07 |
| SkyGodling/exploit-cve-2024-47575 | https://github.com/SkyGodling/exploit-cve-2024-47575 | 2024-11-15 |

News

ISC StormCast for Monday, November 18th, 2024
Dr. Johannes B. Ullrich | 2024-11-18
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Ancient Vulns; GitHub Impersonations; PaloAlto and Fortinet still not secure
  • Ancient TP-Link Backdoor Discovered by Attackers https://isc.sans.edu/diary/Ancient%20TP-Link%20Backdoor%20Discovered%20by%20Attackers/31442
  • GitHub Projects Targeted with Malicious Commits To Frame Researchers https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
  • PaloAlto and Fortinet Vulnerabilities https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
sans.edu

Update #1 Critical Zero-Day Vulnerability in FortiManager Is Being Actively Exploited - Update Available
CERT.at | 2025-04-01
October 24, 2024. Description: A critical security vulnerability has been discovered in FortiManager that is already being actively exploited by attackers. The vulnerability allows an unauthenticated remote attacker to execute arbitrary code or commands. CVE number(s): CVE-2024-47575
Tags: cve-2024-47575, google cloud, software publisher, information technology

The Best, the Worst and the Ugliest in Cybersecurity | 2024 Edition
SentinelOne | 2024-12-27
Before we ring in the New Year, SentinelOne reviews and reflects on some of the most formative cyber news stories that occurred in 2024. It’s almost time to wave goodbye to the year that was 2024, and as we look ahead to 2025 and the challenges that might bring, now is a good time to reflect on the best, the worst and the ugliest cybersecurity
sentinelone.com

What’s New in Rapid7 Products & Services: Q4 2024 in Review
Margaret Wei | 2024-12-18
Below, we’ve highlighted key releases and updates from the quarter across our products and services, including the new Platform Home Navigation experience, extensibility enhancements to Exposure Command and Surface Command, expanded MXDR support, and 2024 threat landscape trends from Rapid7 Labs. This quarter at Rapid7 we continued to make investments across our Command Platform to provide security professionals with a holistic, actionable view of their entire
rapid7.com

2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
Rapid7 Labs | 2024-12-16
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface. Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering
rapid7.com

Metasploit Weekly Wrap-Up 12/06/2024
Christophe De La Fuente | 2024-12-06
Post-Thanksgiving Big Release. This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover on Wordpress, a local privilege
rapid7.com

FOCUS FRIDAY: ADDRESSING EXCHANGE SERVER RCE, FORTIMANAGER, GRAFANA, ROUNDCUBE WEBMAIL, AND CISCO FMC VULNERABILITIES FROM A TPRM PERSPECTIVE
Ferdi Gül | 2024-12-03
Written by: Ferdi Gül. Welcome to this week’s edition of Focus Friday, where we explore high-profile cybersecurity incidents and vulnerabilities through the lens of Third-Party Risk Management (TPRM). In today’s rapidly evolving threat landscape, critical vulnerabilities pose a significant risk to organizations relying on third-party software and services. This week, we dive into several crucial […]
normshield.com

Social Media

  • @_x9im Yes, RCE attacks likely rose in 2024 per reports on exploited vulnerabilities. Key CVEs include CVE-2024-27198 & CVE-2024-27199 (TeamCity), CVE-2024-4358 (Telerik), and CVE-2024-47575 (FortiManager). Blue Yonder was hit via Cleo RCE by Cl0P ransomware; FortiManager & TeamCity
  • FortiManager Devices Mass Compromise Exploiting CVE-2024-47575 Vulnerability Shadowserver has issued a critical warning about the widespread exploitation of Fortinet FortiManager devices using the recently disclosed CVE-2024-47575 vulnerability. With a... https://t.co/h38bMy0tjI
  • Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS sc... https://t.co/P5EeiLwRzV
  • Fortinet FortiManager RCE zero-day Flaw Exploited in-the-wild Fortinet has publicly disclosed a critical zero-day vulnerability in its FortiManager software, identified as CVE-2024-47575. The vulnerability has been actively exploited in the wild. Due t... https://t.co/kY2IiwWTX7
  • Just had a thought 💭: Over 15,000 FortiGate devices breached via the zero-day vulnerability CVE-2024-47575 😱. Hackers are stealing IPs & credentials! 🔑 Time to prioritize patching and monitoring! ⏳🔒 #CyberSecurity #InfoSec #ZeroDay https://t.co/lLHoZsYcl0 https://t.co/PwKsLX7CP1
  • AttackerKB @ rapid7 Analysis for 'CVE-2024-47575'
  • Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 - watchTowr Labs https://t.co/Ttzw4Hua5Y
  • CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud https://t.co/kUPbJstqIr https://t.co/C4TJvvhEho
  • 👉#PoC for #FortiJump #Vulnerability (CVE-2024-47575) Released! 🚨 This #zeroday flaw in @Fortinet 's #FortiManager allows #RCE, privilege escalation, and #DoSattacks. Unpatched systems are at high risk! ⚠️ Learn more: https://t.co/NjA9yjtgtg #CyberSecurity https://t.co/vkqqSpLLFt
  • PoC Exploit Releases for Zero-Day CVE-2024-47575 Flaw in Fortinet FortiManager - https://t.co/E7LECNKg8C

Affected Software

Configuration 1
| Type | Vendor | Product |
|---|---|---|
| App | Fortinet | fortimanager |
| App | Fortinet | fortimanager_cloud |

References

| Reference | Link |
|---|---|
| [email protected] | https://fortiguard.fortinet.com/psirt/FG-IR-24-423 |

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-306 | Missing Authentication for Critical Function | The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
