
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A new threat cluster, UNC5820, has been observed exploiting a zero-day vulnerability in FortiManager appliances across multiple industries. The vulnerability allows unauthorized execution of arbitrary code or commands on vulnerable devices. The attackers staged and exfiltrated configuration data from managed FortiGate devices, potentially enabling further compromise. Exploitation attempts were first detected on June 27, 2024, with a second attempt on September 23, 2024. The threat actor added an unauthorized device to the FortiManager console and exfiltrated compressed archives containing sensitive configuration files. While no evidence of lateral movement has been found, organizations with exposed FortiManager devices are urged to conduct immediate forensic investigations.

OPENCTI LABELS:

cyber-espionage,exploitation,zero-day,vulnerability,fortigate,fortimanager,cve-2024-47575,configuration-exfiltration,network-security


Open in the NetmanageIT OpenCTI public instance using the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)