Friday 25 Oct 2024 @ 09:20
National Cyber Security Centre
Printable version

Exploitation of vulnerability affecting Fortinet FortiManager

The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability affecting Fortinet FortiManager (CVE-2024-47575) and to follow the latest vendor advice.

What has happened?

Fortinet has published a security advisory detailing a missing authentication vulnerability affecting FortiManager.

CVE-2024-47575 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. 

Fortinet is aware of active exploitation of this vulnerability.  

Who is affected?

Organisations using Fortinet FortiManager, FortiManager Cloud and older FortiAnalyzer models, with the FortiManager feature enabled, are vulnerable.

Exploitation

The vendor advisory highlights that attackers have used an automated script to exfiltrate various files from vulnerable FortiManager devices. These files contain IPs, credentials and configurations of the managed devices. 

The NCSC is working to fully understand the UK impact and investigating cases of active exploitation affecting UK networks. 

What should I do?

The NCSC recommends following vendor best practice advice to mitigate vulnerabilities. In this case, if you use an affected product, you should take these priority actions: 

  1. Undertake a compromise assessment using the IoCs available in the vendor advisory.
  2. Monitor the vendor advisory and when a security update is available for your version, follow the recovery steps outlined to rebuild or reinitialise the device and change credentials and user-sensitive data, before installing the latest version. 
  3. If an update for your version isn’t currently available, install the vendor temporary mitigations. Once an update is available for your version, you should follow the vendor’s recovery steps (see above). 
  4. Carry out continuous monitoring and threat hunting activities. A report about this vulnerability is available to help organisations detect related activity. 
  5. If you suspect a compromise and are in the UK, report it to the NCSC.

More information and indicators of compromise (IoCs) are available in the vendor advisory

Further NCSC resources

The NCSC provides a range of guidance, services and tools to help your organisation secure systems:

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/vulnerability-fortinet-fortimanager

Share this article

Latest News from
National Cyber Security Centre

NCSC warns of widening gap between cyber threats and defence capabilities

17/10/2024 09:05:00

Dr Richard Horne, CEO NCSC calls for greater global resilience against online security threats at Singapore International Cyber Week.

All UK schools offered free cyber service to protect against online threats

16/10/2024 16:15:00

Following the successful initial roll out of PDNS for Schools last year, all schools in the UK can now benefit from the enhanced cyber resilience service.

Team of British women to take part in international cyber event in Japan

08/10/2024 16:20:00

Being announced on Ada Lovelace Day, a team of CyberFirst Bursary alumni will be representing the UK at the inaugural Kunoichi Cyber Games taking place at the Code Blue cyber security conference in Tokyo.

Five Eyes cyber leaders provide threat briefing at major US conference

23/09/2024 09:25:00

NCSC CEO discusses how the global threat picture remains unpredictable at Aspen Cyber Summit with fellow cyber security leaders.

NCSC and partners issue advice to counter China-linked campaign targeting thousands of devices

19/09/2024 10:15:00

Joint advisory highlights the risk of malicious cyber actors exploiting internet-connected devices and gives mitigation advice.

NCSC CEO shares insights into securing UK elections in cyber space at major international conference

08/08/2024 10:05:00

Felicity Oswald shares reflections on the UK approach to election security at Black Hat USA conference.

Statement on major IT outage

19/07/2024 16:30:00

Following the global IT outage on Friday 19 July, affected organisations should put in place vendor mitigations. The NCSC is also warning about an increase in related phishing.

NCSC Chief Engineer recognised in prestigious Women in Engineering awards

10/07/2024 16:05:00

The NCSC’s Chief Engineer has been named as one of the top 50 Women in Engineering at a prestigious awards ceremony.

National Cyber Security Centre CTO: The tech market isn't working

15/05/2024 14:10:00

Ollie Whitehouse will say in his keynote speech that companies globally know how to build resilient, secure technology, but the market does not incentivise them to do so.