Fortinet Product Security Update Advisory (CVE-2024-47575)
Overview
An update has been released to address vulnerabilities in Fortinet products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-47575
- FortiManager version: 7.6.0
- FortiManager versions: 7.4.0 (inclusive) ~ 7.4.4 (inclusive)
- FortiManager versions: 7.2.0 (inclusive) ~ 7.2.7 (inclusive)
- FortiManager versions: 7.0.0 (inclusive) ~ 7.0.12 (inclusive)
- FortiManager versions: 6.4.0 (inclusive) ~ 6.4.14 (inclusive)
- FortiManager versions: 6.2.0 (inclusive) ~ 6.2.12 (inclusive)
- FortiManager Cloud versions: 7.4.1 (inclusive) ~ 7.4.4 (inclusive)
- FortiManager Cloud versions: 7.2.1 (inclusive) ~ 7.2.7 (inclusive)
- FortiManager Cloud versions: 7.0.1 (inclusive) ~ 7.0.12 (inclusive)
- FortiManager Cloud versions: 6.4 all versions
Resolved Vulnerabilities
Arbitrary code execution vulnerability in Fortinet's FortiManager and FortiManager Cloud (CVE-2024-47575)
Vulnerability Patches
Patches for the vulnerability are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-47575
- FortiManager version: 7.6.1 or later
- FortiManager version: 7.4.5 or later
- FortiManager version: 7.2.8 or later
- FortiManager version: 7.0.13 or later
- FortiManager version: 6.4.15 or later
- FortiManager version: 6.2.13 or later
- FortiManager Cloud version: 7.4.5 or later
- FortiManager Cloud version: 7.2.8 or later
- FortiManager Cloud version: 7.0.13 or later
- FortiManager Cloud version 6.4: migrate to a fixed release (7.4.5 or later, 7.2.8 or later, 7.0.13 or later)
Referenced Sites
[1] CVE-2024-47575 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-47575
[2] Missing authentication in fgfmsd
https://fortiguard.fortinet.com/psirt/FG-IR-24-423
[3] Upgrade Path Tool Table