
FortiManager fgfmd vulnerability indicators

Published 23/10/2024 19:54 · Modified 24/10/2024 10:21


Essential information

Published: 23/10/2024 19:54
Modified: 24/10/2024 10:21
Tags: 2024-10-23, CVE-2024-47575, authentication, exfiltration, fortimanager, remote code execution, vulnerability
Related entities: 1 vulnerabilities (cve), 3 observables, 7 techniques (mitre)

Description

A critical vulnerability in FortiManager's fgfmd daemon allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. This vulnerability, classified as CWE-306 (Missing Authentication for Critical Function), has been exploited in the wild. The attack primarily targets the exfiltration of files containing IPs, credentials, and configurations of managed devices. Multiple versions of FortiManager and FortiManager Cloud are affected. Mitigation strategies include upgrading to fixed versions, implementing workarounds such as preventing unknown device registration, using local-in policies to whitelist IP addresses, or employing custom certificates. Recovery methods involve fresh installations or re-initialization of hardware models, with careful consideration of potential data tampering.

External references