Fortinet FortiManager Flaw Exploited in Zero-Day Attacks Since June
A critical vulnerability in FortiManager has been actively exploited, prompting urgent patch releases and security advisories.
- The FortiManager vulnerability, CVE-2024-47575, allows unauthenticated attackers to execute commands, posing a severe security risk.
- Exploitation of this flaw has been ongoing since June 2024, affecting over 50 servers, according to Mandiant.
- Fortinet's advisory recommends immediate software updates and provides mitigation strategies to protect against unauthorized access.
- The flaw has a high CVSS score of 9.8, indicating the potential for significant impact if affected systems are left unpatched.
- Security experts criticize Fortinet's initial private disclosure, emphasizing the need for transparency in vulnerability reporting.