Subscribe to Newsletters

Curated Content | Thought Leadership | Technology News

Hackers Exploit Vulnerability as Fortinet Issues Urgent Security Advisory

Patch now or pay later.
Ryan Uliss
Contributing Writer
Miniature people searching for bugs on microchip.

Fortinet has publicly disclosed a critical vulnerability, CVE-2024-47575, in its product management tool FortiManager, following reports of exploitation in the wild.

The bug, first flagged in private alerts to customers on October 13, carries a severity score of 9.8 out of 10, underscoring its significant risk. Known as “FortiJump,” this flaw enables remote attackers to access and exfiltrate sensitive data, such as IP addresses, credentials, and device configurations, without authentication.

Security researcher Kevin Beaumont was among the first to raise the alarm, noting that the flaw has been abused by nation-state attackers. Public pressure mounted for disclosure as users began discussing their concerns on social media.

On October 18, Fortinet responded with a public advisory, confirming the scope of the vulnerability and releasing patches for affected versions. However, concerns linger about the delay in informing customers and the extent of the exploit’s impact.

Why It Matters: With the bug affecting a key Fortinet tool used to manage multiple devices and configurations, thousands of FortiManager systems are exposed globally, putting vast amounts of sensitive information at risk. While patches and workarounds have been issued, the potential for ongoing exploitation remains a significant concern for both private and public sector organizations relying on Fortinet products.

  • Vulnerability Overview: Fortinet disclosed the critical vulnerability in FortiManager, allowing remote code execution through unauthenticated requests. This bug, dubbed “FortiJump,” has a severity score of 9.8, making it an urgent security risk for affected users.
  • Exploitation and Impact: Nation-state attackers have already exploited the flaw, using it to steal IP addresses, credentials, and configurations from compromised FortiManager systems. Over 60,000 FortiManager servers, including more than 13,200 in the U.S., remain exposed to potential attacks.
  • Security Research and Advisory: Researcher Kevin Beaumont raised early warnings, leading Fortinet to release a public advisory and patches on October 18. Fortinet’s response includes workarounds and mitigation measures, but concerns remain about the company’s initial delay in informing customers.
  • Patches and Workarounds: Fortinet issued patches for most affected versions, with additional guidance on preventing unknown device registration and employing custom certificates to mitigate the flaw. Older models like FortiAnalyzer are also affected, requiring migration to patched versions.

Go Deeper -> Fortinet Discloses Critical Zero-Day Flaw in FortiManager – Tech Target

High-Severity FortiManager Bug Being Exploited by Hackers – The Record

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters