Another day, another Fortinet zero-day caught being exploited in-the-wild.
The US government’s cybersecurity agency CISA on Wednesday called urgent attention to a critical vulnerability in Fortinet’s FortiManager platform and warned that remote hackers are already launching code execution exploits.
The security defect, tracked as CVE-2024-0126, is documented as a “missing authentication for critical function vulnerability” in the FortiManager fgfmd daemon.
According to a critical-severity Fortinet advisory, the bug opens the door for remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. It carries a CVSS severity score of 9.8/10.
“Reports have shown this vulnerability to be exploited in the wild,” the company said.
“The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials and configurations of the managed devices,” Fortinet added.
Fortinet said it has not received reports of any low-level system installations of malware or backdoors on compromised FortiManager systems. “To the best of our knowledge, there have been no indicators of modified databases, or connections and modifications to the managed devices,” the company said.
Fortinet urged users to upgrade immediately to fixed versions across multiple product lines, with patches available for versions 7.0, 7.2, 7.4, and 7.6 of FortiManager.
The company also published IOCs and technical workarounds to limit exposure by implementing IP whitelists and enabling certificate-based authentication
Affected users are being pushed to to reset credentials and thoroughly audit logs for signs of unauthorized activity starting from the known compromise date.
Since 2002, there have been at least 8 documented Fortinet zero-days added to CISA’s KEV (Known Exploited Vulnerabilities) catalog. These include gaping holes in the FortiOS SSL-VPN, FortiOS and FortiOS sslvpnd.
FortiManager is an enterprise-facing product used in network management and security operations.
Related: Organizations Warned of Exploited Fortinet FortiOS Vulnerability
Related: Fortinet Patches Code Execution Vulnerability in FortiOS
Related: Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks
Related: Fortinet Patches Critical Vulnerabilities Leading to Code Execution
