Fortinet Zero-Day Vulnerability (#1060)
* Cisco Affected by OpenSSH Vulnerability

* Format markdown docs

* Update 20240709001-Cisco-Affected-by-OpenSSH-Vulnerability.md

Update with link to previously mentioned CVE advisory

* Oracle Critical Patch Update

* Format markdown docs

* Update 20240719001

* Format markdown docs

* Okta Releases Browser Plugin Advisory

* Format markdown docs

* Update 20240723002

* Advisory_20240801002

* Format markdown docs

* Update 20240801002

Applied "advisory-CISA-ICS-Advisories" template

* Format markdown docs

* Update 20240801002_02

Hyperlink fix

* Format markdown docs

* Advisory-20240823001

* Format markdown docs

* CISA Joint Advisory

* Format markdown docs

* Zabbix Server Advisory

* Format markdown docs

* Veeam Releases Critical Updates

* Format markdown docs

* Veeam Releases Critical Updates 002

* Veeam Releases Critical Updates - 20240909002

* Format markdown docs

* PR provided and changed to read 001

* Deleted

* Deleted

* GeoServer Critical Vulnerability

* Format markdown docs

* Update 20240924002

Reformatted affected version list to correct format.
Added applicable GeoTools information and CVE.
Added GeoServer advisory hyperlink.

* Format markdown docs

* Update 20240924002

Removed all auto-generated '\' from table text

* Format markdown docs

* Update 20240924002

Removed all auto-generated '\' from table text

* Format markdown docs

* WhatsUp Gold Security Bulletin

* Format markdown docs

* Update 20240930002

* Format markdown docs

* Siemens Security Advisory

* Format markdown docs

* Update 20241009004

Renamed file.
Included Siemens in the title.
Updated table to ICS-related template.

* Format markdown docs

* Trend Micro Cloud Edge Advisory

* Format markdown docs

* Update 20241021001

Removed unnecessary table centered formatting.
Included affected version build numbers.

* Format markdown docs

* Update 20241021001-Trend-Releases-Critical-Update.md

Removed all auto-generated '\' from table text

* Format markdown docs

* Fortinet Zero-Day Vulnerability

* Format markdown docs

* updated Fortinet link

* Format markdown docs

* Updated markdown format

* Update and rename 20241023001-Fortinet-Zero-Day-Vulnerabilities.md to 20241024001-Fortinet-Critical-Vulnerabilities.md

Updated advisory with further Fortinet information

* Format markdown docs

---------

Co-authored-by: CharlesRN <CharlesRN@users.noreply.github.com>
Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com>
Co-authored-by: JadonWill <117053393+JadonWill@users.noreply.github.com>
Co-authored-by: JadonWill <JadonWill@users.noreply.github.com>
Co-authored-by: DGovEnterprise <DGovEnterprise@users.noreply.github.com>
6 people authored Oct 23, 2024
1 parent d800f86 commit f6f1ec3
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions docs/advisories/20241024001-Fortinet-Critical-Vulnerabilities.md
@@ -0,0 +1,28 @@
# Fortinet FortiManager Critical Vulnerability - 20241024001

## Overview

The WA SOC has been made aware of a critical vulnerability in Fortinet FortiManager devices that is currently being actively exploited. A missing authentication for critical function vulnerability in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

**Reports have shown this vulnerability to be exploited in the wild**

## What is vulnerable?

| Product(s) Affected | Affected Version(s) | Severity | CVE | CVSS |
| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------------------------------------------------------- | ---- |
| FortiManager | all versions \< 7.6.0 <br> versions \< 7.4.0 - 7.4.4 <br>versions \< 7.2.0 - 7.2.7 <br>versions \< 7.0.0 - 7.0.12 <br>versions \< 6.4.0 - 6.4.14 <br> versions \< 6.2.0 - 6.2.12 | Critical | [CVE-2024-47575](https://nvd.nist.gov/vuln/detail/CVE-2024-47575) | 9.8 |
| Fortimanager Cloud | versions \< 7.4.1 - 7.4.4 <br> versions \< 7.2.1 - 7.2.7 <br>versions \< 7.0.1 - 7.0.12 <br>all versions \< 6.4 | Critical | [CVE-2024-47575](https://nvd.nist.gov/vuln/detail/CVE-2024-47575) | 9.8 |

## What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

## Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):

- Fortinet: <https://www.fortiguard.com/psirt/FG-IR-24-423>

## Other Information

- ACSC: <https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/vulnerability-in-fortinets-fortimanager>
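Review bot: The Affected Version(s) cells in both table rows pair a less-than sign with a range, e.g. `versions \< 7.4.0 - 7.4.4`, which can be read either as "below 7.4.0" or as "7.4.0 through 7.4.4", and the first entry `all versions \< 7.6.0` would already cover every branch listed after it. Suggest stating each branch as either a plain range or a single upper bound, checked against FG-IR-24-423, and dropping the `\` escapes before `<`, as earlier entries in this commit message describe doing for other advisories' tables. Smaller points in the same hunk: "Fortimanager Cloud" should match the "FortiManager" casing used in the row above, the trailing ellipsis in `*48 hours...*` reads as an unfinished sentence, and the file name says "Vulnerabilities" while the heading and table describe a single CVE.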
