FortiManager fgfmd vulnerability indicators
Oct. 24, 2024, 10:21 a.m.
Description
A critical vulnerability (CVE-2024-47575) in FortiManager's fgfmd daemon allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. The flaw is classified as CWE-306 (Missing Authentication for Critical Function) and has been exploited in the wild. Observed attacks primarily aim at exfiltrating files that contain the IPs, credentials, and configurations of managed devices. Multiple versions of FortiManager and FortiManager Cloud are affected. Mitigation strategies include upgrading to fixed versions or, as workarounds, preventing unknown devices from registering, using local-in policies to whitelist IP addresses, or employing custom certificates. Recovery involves a fresh installation or re-initialization of hardware models, with careful consideration that existing data and configuration may have been tampered with.
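The two workarounds named above (blocking registration of unknown devices and a local-in policy that only accepts FGFM traffic from known managed devices) expressed in FortiManager CLI syntax, as an added illustration that is not part of this record; the option names, the FGFM port 541 and the placeholder addresses are assumptions from general FortiManager CLI knowledge, and which firmware branches support each setting must be checked against the vendor advisory.

```text
# Workaround 1 (assumed syntax): refuse registration attempts from devices
# that are not already known to this FortiManager.
config system global
    set fgfm-deny-unknown enable
end

# Workaround 2 (assumed syntax): local-in policy that accepts FGFM (TCP 541)
# only from the managed FortiGates and denies everything else on that port.
# 192.0.2.10 and 192.0.2.11 are constructed placeholder addresses.
config system local-in-policy
    edit 1
        set action accept
        set dport 541
        set src 192.0.2.10 192.0.2.11
    next
    edit 2
        set action deny
        set dport 541
    next
end
```

Policy order matters: the deny entry must follow the accept entry, and the src list should be reviewed whenever a managed device is added or re-addressed.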
Date
Published: Oct. 23, 2024, 7:54 p.m.
Created: Oct. 23, 2024, 7:54 p.m.
Modified: Oct. 24, 2024, 10:21 a.m.
Attack Patterns
T1213
T1005
T1021
T1083
T1190
T1133
T1078
CVE-2024-47575