FortiManager vulnerability CVE-2024-47575 allows unauthorized remote code execution, posing critical risks. Patch now to secure your systems.

We would like to alert our community to a newly discovered critical vulnerability affecting Fortinet’s FortiManager systems. This vulnerability, CVE-2024-47575, has been classified with a CVSS score of 9.8, reflecting its high risk. Attackers can remotely execute code or commands without authorization through an exploited weakness in FortiManager’s fgfmsd daemon. This issue affects several FortiManager versions, including versions 6.2.0 to 7.6.0, as well as FortiManager Cloud variants.

For impacted versions, Fortinet recommends upgrading to the following secure versions:

• FortiManager 7.6.1 or higher

• FortiManager 7.4.5 or higher

• FortiManager 7.2.8 or higher

• FortiManager 7.0.13 or higher

• FortiManager 6.4.15 or higher

• FortiManager 6.2.13 or higher

  
  

For those unable to upgrade immediately, Fortinet has provided alternative workarounds to mitigate risk. To ensure optimal protection, consider disabling unknown device registration, setting up local-in policies for IP whitelisting, or implementing custom certificates. Please refer to the Fortinet advisory for complete details.

At Greenwill Solution, we prioritize your organization’s security. Our Patch Management Service helps identify and implement these critical updates to secure your infrastructure. Contact us today to schedule a consultation and ensure your FortiManager system is safe.