Fortinet has disclosed a critical vulnerability in FortiManager, identified as CVE-2024-47575, that has been actively exploited in zero-day attacks to steal sensitive data, including configurations and credentials. The flaw allows remote, unauthenticated attackers to execute arbitrary commands by bypassing authentication mechanisms, and it affects multiple FortiManager versions. Although Fortinet warned customers early, many were left unaware of the vulnerability because of insufficient communication, which led to frustration within the user community.
Relevant URL: https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/amp/