Published: Nov 08, 2024 22:41
Advisory No: TZCERT-SA-24-0039
Source: FortiGuard
Software Affected: fgfmsd
FortiManager is vulnerable to a critical vulnerability. A remote attacker can exploit the vulnerability to execute arbitrary code.
FortiManager versions running fgfmsd are vulnerable to a critical vulnerability tracked as CVE-2024-47575 with a CVSS base score of 9.8. The vulnerability results from a missing authentication check in the FortiGate-FortiManager communication protocol (FGFM), specifically in the fgfmsd daemon, which handles communication between FortiManager and FortiGate devices. Because no proper authentication mechanism is enforced on this path, an attacker can remotely interact with the FortiManager server by sending specially crafted requests, bypassing the usual user verification. This flaw may allow a remote, unauthenticated attacker to execute arbitrary code or commands via such crafted requests.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
FortiGuard has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.