FortiManager fgfmd vulnerability indicators

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

A critical vulnerability in FortiManager's fgfmd daemon allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability, classified as CWE-306 (Missing Authentication for Critical Function), has been exploited in the wild. The attacks primarily aim to exfiltrate files containing the IPs, credentials, and configurations of managed devices. Multiple versions of FortiManager and FortiManager Cloud are affected. Mitigations include upgrading to a fixed version or applying a workaround: preventing unknown devices from registering, using local-in policies to whitelist IP addresses, or using custom certificates. Recovery involves a fresh installation or re-initialization of hardware models, with careful consideration of potential data tampering.

OPENCTI LABELS :

remote code execution, vulnerability, exfiltration, authentication, fortimanager, cve-2024-47575

