
FortiManager fgfmd vulnerability indicators

Oct. 24, 2024, 10:21 a.m.

Description

A critical vulnerability in FortiManager's fgfmd daemon allows remote, unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. The vulnerability, classified as CWE-306 (Missing Authentication for Critical Function), has been exploited in the wild. Observed attacks primarily aimed to exfiltrate files containing the IP addresses, credentials, and configurations of managed devices. Multiple versions of FortiManager and FortiManager Cloud are affected. Mitigation strategies include upgrading to fixed versions and, as workarounds, preventing unknown device registration, using local-in policies to restrict access to an allow-list of IP addresses, or employing custom certificates. Recovery methods involve a fresh installation or re-initialization of hardware models, with careful consideration of potential data tampering.

Date

Published: Oct. 23, 2024, 7:54 p.m.

Created: Oct. 23, 2024, 7:54 p.m.

Modified: Oct. 24, 2024, 10:21 a.m.

Indicators

45.32.41.202

45.32.63.2

104.238.141.143
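As a defender-side illustration of how the indicators above and the local-in allow-list workaround from the description can be turned into a log check, here is an added example (not code from the page or from Fortinet). It assumes a generic key=value syslog layout and a hypothetical management allow-list, both constructed for the example; the only page-derived values are the three indicator IPs. It flags any line whose source or destination matches an indicator, and any FGFM (TCP/541) session whose source is not on the management allow-list.

```python
import ipaddress
import re
from dataclasses import dataclass

# Network indicators listed on this page.
INDICATOR_IPS = frozenset({"45.32.41.202", "45.32.63.2", "104.238.141.143"})

# fgfmd listens on TCP/541 for the FortiGate-to-FortiManager (FGFM) protocol.
FGFM_PORT = 541

# Hypothetical management network that should be the only source of FGFM
# sessions (an assumption for this example; adapt to your environment).
MGMT_ALLOW_LIST = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample log lines in a generic key=value layout (not real
# FortiManager output), used only to exercise the matcher.
SAMPLE_LOGS = [
    'date=2024-10-22 time=09:12:01 devname="fmg-01" srcip=10.20.0.5 dstip=10.20.0.1 dstport=541 action=accept msg="fgfm session established"',
    'date=2024-10-22 time=09:13:44 devname="fmg-01" srcip=45.32.41.202 dstip=10.20.0.1 dstport=541 action=accept msg="unregistered device attempt"',
    'date=2024-10-22 time=09:15:02 devname="fmg-01" srcip=10.20.0.7 dstip=104.238.141.143 dstport=443 action=accept msg="outbound https"',
    'date=2024-10-22 time=09:16:30 devname="fmg-01" srcip=198.51.100.9 dstip=10.20.0.1 dstport=541 action=accept msg="fgfm session established"',
    'date=2024-10-22 time=09:17:11 devname="fmg-01" srcip=10.20.0.9 dstip=10.20.0.1 dstport=22 action=accept msg="ssh login"',
]

# key=value pairs; values may be bare tokens or double-quoted strings.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line: str) -> dict:
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based index into the log input
    reason: str    # ioc_srcip, ioc_dstip, or fgfm_from_unlisted_source
    ip: str        # the address that triggered the hit


def in_allow_list(ip: str, allow_list=MGMT_ALLOW_LIST) -> bool:
    """True if ip parses and falls inside one of the allow-listed networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in allow_list)


def find_hits(lines, indicators=INDICATOR_IPS, allow_list=MGMT_ALLOW_LIST):
    """Return every indicator match and every FGFM session from an unlisted source."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        fields = parse_kv(line)
        # 1) Direct indicator match on either endpoint.
        for field in ("srcip", "dstip"):
            ip = fields.get(field)
            if ip in indicators:
                hits.append(Hit(line_no, f"ioc_{field}", ip))
        # 2) FGFM traffic from outside the management allow-list: the
        #    condition a local-in policy would be used to block.
        src = fields.get("srcip")
        if fields.get("dstport") == str(FGFM_PORT) and src and not in_allow_list(src, allow_list):
            hits.append(Hit(line_no, "fgfm_from_unlisted_source", src))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.reason} {hit.ip}")
```

On the constructed input this reports line 2 twice (indicator match and unlisted FGFM source), line 3 for the outbound connection to an indicator address, and line 4 for an FGFM session from an address that is not an indicator but is outside the allow-list; the last case is the one a pure indicator match would miss, which is why the allow-list check is kept separate.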

Attack Patterns

T1213

T1005

T1021

T1083

T1190

T1133

T1078

CVE-2024-47575