Visit our booth at CANSEC on May 27-28
Articles
·
No items found.
·
24.10.2024

Critical Security Vulnerability in FortiManager (score of 9.8) - CVE-2024-47575

A zero-day critical security vulnerability (score of 9.8 out of 10) has been identified in FortiManager, Fortinet's centralized management platform for FortiGate devices.

This RCE (Remote Code Execution ) vulnerability presents the risk that a malicious individual could remotely execute arbitrary code on a machine, without requiring authentication. For those who want to know more about RCE vulnerabilities, please consult this blog post.

 

Exploitation observed

The very first exploits of the zero-day vulnerability date back to June 2024. The only cases of active exploitation of the vulnerability involve a new cybercriminal group named UNC5820.

Systems affected

  • FortiManager Cloud 6.4 (all versions)
  • FortiManager 7.6.0
  • FortiManager 7.4.0 to 7.4.4
  • FortiManager 7.2.0 to 7.2.7
  • FortiManager 7.0.0 to 7.0.12
  • FortiManager 6.4.0 to 6.4.14
  • FortiManager 6.2.0 to 6.2.12
  • FortiManager Cloud 7.4.1 to 7.4.4
  • FortiManager Cloud 7.2.1 to 7.2.7
  • FortiManager Cloud 7.0.1 to 7.0.12

Older FortiAnalyzer models, including 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G and 3900E, are also affected by this vulnerability if FortiManager is enabled.

 

Indicators of compromise (IOC)

The following IP addresses (IOC) have been involved in attempts to exploit this vulnerability.

  • 45.32.41.202
  • 104.238.141.143
  • 158.247.199.37
  • 45.32.63.2
  • 195.85.114.78

 

Recommendations

1 - Migrate to the following FortiManager versions:

  • FortiManager 7.6 : upgrade to 7.6.1 or higher
  • FortiManager 7.4: upgrade to 7.4.5 or higher
  • FortiManager 7.2: upgrade to 7.2.8 or higher
  • FortiManager 7.0: upgrade to 7.0.13 or higher
  • FortiManager 6.4 : upgrade to 6.4.15 or higher
  • FortiManager Cloud 7.4: upgrade to Cloud 7.4.5 or higher
  • FortiManager Cloud 7.2: upgrade to Cloud 7.2.8 or higher
  • FortiManager Cloud 7.0: upgrade to Cloud 7.0.13 or latest version

 

2 - Block the IOCs associated with the exploitation of this vulnerability.

3 - In addition to these recommendations, Streamscan strongly suggests that you implement the following measures to control access to all your security devices, such as firewalls:

  • Set up strict access control by explicitly indicating all your IP addresses that have the right to access these devices. Access will be denied to any other IP.

 

What Streamscan does to protect you

If you are a Streamscan partner:

  • We have set up a crisis unit to monitor this critical vulnerability. We will apply the appropriate response measures.
  • All the IP addresses (IOC) listed above are already part of the suspect systems monitored by our CDS technology.
  • Our DRG/MDR security monitoring team remains vigilant in monitoring your network.

 

Articles
·
13.05.2026
The Myth of “Offsetting” Cybersecurity Investments
Data backup: if we're paying for better threat detection and response, shouldn't that reduce our exposure to incidents requiring recovery?
Articles
·
14.04.2026
2026-4-14 - Government of Canada introduces Level 1 of Canadian Program for Cyber Security Certification
Today, April 14, 2026, the Canadian federal government is officially launching the CPCSC Level 1 certification . It will be required for federal contracts starting in the summer of 2026. CPCSC Level 1 consists of 13controls.

Your security deserves a conversation

Contact us today
HomeOpen XDRStreamEnclaveEDRMDRIncident ResponseCMMC CertificationCPCSC CertificationPrivacy PolicyCookies Policy
PartnersAboutCareersBlogVideos and WebinarsToolsWhitepapersResearchCybersecurity StrategyPenetration TestsContact
Cutting-edge cybersecurity solutions tailored to organizations operating in complex environments.
StreamScan Your Cybersecurity Partner Logo
StreamScan needs the information you provide to us to send you our newsletter. You may unsubscribe from our communications at anytime. For more information, check out our Privacy Policy.