Bulletin Distribution:
This Security Bulletin was sent to a targeted list of customers based on the possibility that a customer may have Fortinet devices within their environment. Although we could not identify the specific product or version, we sent this Security Bulletin as a precaution to ensure our customers are aware of this significant threat and the potential risk it may pose if not remediated.
Summary of Bulletin:
- On October 23, 2024, Fortinet published an advisory disclosing an actively exploited vulnerability (CVE-2024-47575) affecting FortiManager and FortiManager Cloud.
- The critical-severity vulnerability can be exploited on FortiManager instances exposed to the internet via port 541. Successful exploitation could allow a remote, unauthenticated threat actor to execute arbitrary code or commands via specially crafted requests.
- While no public proof-of-concept exploit is available at this time, Fortinet has stated that the vulnerability is being exploited in the wild.
Do not expose FortiManager on the public internet
From a security best practices standpoint, FortiManager instances should not be exposed to the public internet. If FortiManager devices are currently exposed publicly, it is recommended to remove them from public routing as soon as possible to prevent any further exploitation of this or other similar vulnerabilities as an initial access vector.
Note: Specific firewall configuration steps will depend on your unique environment and needs. Please refer to your firewall vendor’s documentation for guidance.
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of FortiManager. Please refer to the vendor advisory for more details.

| Product | Affected Versions | Fixed Version |
|---|---|---|
| FortiManager 7.6 | 7.6.0 | 7.6.1 or above* |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | 7.4.5 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | 7.2.8 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | 7.0.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | 6.4.15 or above* |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | 6.2.13 or above* |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | 7.4.5 or above |
| FortiManager Cloud 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiManager Cloud 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |

* Based on current Release Notes documentation, some fixed versions mentioned above have not been formally released as of October 23, 2024 (Versions 7.6.1, 6.4.15, and 6.2.13).
Please follow your organization's patching and testing guidelines to minimize potential operational impact.
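
An added example, not part of the original bulletin or any vendor tooling: a Python script that checks an inventory of FortiManager instances against the affected-version table above. The hostnames, the inventory and the function names are constructed for illustration; branches the table does not list are reported as unknown rather than guessed.

```python
import re

# Affected ranges from the bulletin's table: (first, last, remediation).
# last=None means every release of the branch; a None entry is "Not affected".
TABLE = {
    ("FortiManager", "7.6"): ("7.6.0", "7.6.0", "7.6.1 or above"),
    ("FortiManager", "7.4"): ("7.4.0", "7.4.4", "7.4.5 or above"),
    ("FortiManager", "7.2"): ("7.2.0", "7.2.7", "7.2.8 or above"),
    ("FortiManager", "7.0"): ("7.0.0", "7.0.12", "7.0.13 or above"),
    ("FortiManager", "6.4"): ("6.4.0", "6.4.14", "6.4.15 or above"),
    ("FortiManager", "6.2"): ("6.2.0", "6.2.12", "6.2.13 or above"),
    ("FortiManager Cloud", "7.6"): None,
    ("FortiManager Cloud", "7.4"): ("7.4.1", "7.4.4", "7.4.5 or above"),
    ("FortiManager Cloud", "7.2"): ("7.2.0", None, "Migrate to a fixed release"),
    ("FortiManager Cloud", "7.0"): ("7.0.0", None, "Migrate to a fixed release"),
    ("FortiManager Cloud", "6.4"): ("6.4.0", None, "Migrate to a fixed release"),
}

def parse_version(text):
    """'v7.0.12' -> (7, 0, 12); numeric tuples so that 7.0.12 sorts above 7.0.9."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(product, version):  # -> (status, remediation or None)
    v = parse_version(version)
    key = (product, f"{v[0]}.{v[1]}")
    if key not in TABLE:  # branch the bulletin does not list: do not guess
        return ("unknown", "Refer to the vendor advisory")
    entry = TABLE[key]
    if entry is None:
        return ("not listed as affected", None)
    first, last, remediation = entry
    if v >= parse_version(first) and (last is None or v <= parse_version(last)):
        return ("affected", remediation)
    return ("not listed as affected", None)

# Constructed sample inventory: (hostname, product, installed version).
INVENTORY = [
    ("fmg-dc1", "FortiManager", "7.0.12"), ("fmg-lab", "FortiManager", "v7.4.5"),
    ("fmg-cloud", "FortiManager Cloud", "7.2.3"), ("fmg-old", "FortiManager", "6.0.11"),
]

def audit(inventory):
    return {host: assess(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, (status, action) in audit(INVENTORY).items():
        print(f"{host:10} {status:24} {action or ''}")
```
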
Configure Fortinet logs for monitoring
Ensure that all Fortinet firewalls in your environment are configured for syslog monitoring with Arctic Wolf Managed Detection and Response, as described in our documentation.
Fortinet has provided several version-specific workarounds for this vulnerability. Please refer to the Workarounds section of the vulnerability advisory page for additional details. Note: Even if these workarounds are applied, it is still not recommended to leave FortiManager instances exposed on the public internet.