On October 23, 2024, Fortinet published an advisory disclosing an actively exploited vulnerability (CVE-2024-47575) affecting FortiManager and FortiManager Cloud. The critical-severity vulnerability can be exploited on FortiManager instances exposed to the internet via port 541. Successful exploitation could allow a remote, unauthenticated threat actor to execute arbitrary code or commands via specially crafted requests.
While no public proof-of-concept exploit is available at this time, Fortinet has stated that the vulnerability is being exploited in the wild. Therefore, Arctic Wolf strongly recommends updating to a fixed version of FortiManager as soon as possible to prevent further exploitation.
Recommendations For CVE-2024-47575:
Do Not Expose FortiManager on the Public Internet
From a security best practices standpoint, FortiManager instances should not be exposed to the public internet. If FortiManager devices are currently exposed publicly, it is recommended to remove them from public routing as soon as possible to prevent any further exploitation of this or other similar vulnerabilities as an initial access vector.
Note: Specific firewall configuration steps will depend on your unique environment and needs. Please refer to your firewall vendor’s documentation for guidance.
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of FortiManager. Please refer to the vendor advisory for more details.
| Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| FortiManager 7.6 | 7.6.0 | 7.6.1 or above* |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | 7.4.5 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | 7.2.8 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | 7.0.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | 6.4.15 or above* |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | 6.2.13 or above* |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | 7.4.5 or above |
| FortiManager Cloud 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiManager Cloud 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
* Based on current Release Notes documentation, some fixed versions mentioned above have not been formally released as of October 23, 2024 (Versions 7.6.1, 6.4.15, and 6.2.13).
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
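The version table above can be applied to an asset inventory mechanically. The following Python is an added example, not code from Fortinet or Arctic Wolf: the ranges and remediation text are copied from the table, while the `triage` function name, the status labels, and the sample inventory (host names and versions) are constructed for illustration.

```python
# Added example: triage an inventory against the CVE-2024-47575 table on this page.
# Ranges and fix text are copied from that table; the inventory is constructed.
FMG, CLOUD = "FortiManager", "FortiManager Cloud"

# (product, branch) -> (first affected, last affected, remediation).
# None bounds mean every version in the branch is affected.
AFFECTED = {
    (FMG, (7, 6)): ((7, 6, 0), (7, 6, 0), "7.6.1 or above"),
    (FMG, (7, 4)): ((7, 4, 0), (7, 4, 4), "7.4.5 or above"),
    (FMG, (7, 2)): ((7, 2, 0), (7, 2, 7), "7.2.8 or above"),
    (FMG, (7, 0)): ((7, 0, 0), (7, 0, 12), "7.0.13 or above"),
    (FMG, (6, 4)): ((6, 4, 0), (6, 4, 14), "6.4.15 or above"),
    (FMG, (6, 2)): ((6, 2, 0), (6, 2, 12), "6.2.13 or above"),
    (CLOUD, (7, 4)): ((7, 4, 1), (7, 4, 4), "7.4.5 or above"),
    (CLOUD, (7, 2)): (None, None, "Migrate to a fixed release"),
    (CLOUD, (7, 0)): (None, None, "Migrate to a fixed release"),
    (CLOUD, (6, 4)): (None, None, "Migrate to a fixed release"),
}
NOT_AFFECTED = {(CLOUD, (7, 6))}

def triage(product, version):
    """Return (status, action) for one instance, e.g. ("affected", "7.4.5 or above")."""
    parts = tuple(int(p) for p in version.strip().lstrip("vV").split("."))
    if len(parts) != 3:
        raise ValueError(f"expected major.minor.patch, got {version!r}")
    key = (product, parts[:2])
    if key in NOT_AFFECTED:
        return ("not affected", None)
    if key not in AFFECTED:
        # Branch absent from the table: do not assume it is safe.
        return ("unknown", "check the vendor advisory")
    low, high, fix = AFFECTED[key]
    if low is None or low <= parts <= high:
        return ("affected", fix)
    if parts > high:
        return ("fixed", None)
    # Below the listed range (e.g. FortiManager Cloud 7.4.0): the table is silent.
    return ("not listed", "check the vendor advisory")

if __name__ == "__main__":
    inventory = [  # constructed sample inventory
        ("fmg-dc1.example.internal", FMG, "7.4.3"),
        ("fmg-lab.example.internal", FMG, "7.2.8"),
        ("fmg-cloud-tenant", CLOUD, "7.2.5"),
    ]
    for host, product, version in inventory:
        print(host, product, version, *triage(product, version))
```

A "fixed" result only reflects the version string; whether the instance is still reachable from the internet on port 541 has to be checked separately.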
Configure Fortinet Logs for Monitoring
Ensure that all Fortinet firewalls in your environment are configured for syslog monitoring with Arctic Wolf Managed Detection and Response, as described in our documentation.
Workarounds
Configuration Hardening
Fortinet has provided several version-specific workarounds for this vulnerability. Please refer to the Workarounds section of the vulnerability advisory page for additional details.
Note: Even if these workarounds are applied, it is still not recommended to leave FortiManager instances exposed on the public internet.