Fortinet Product Security Update Advisory (CVE-2024-47575)

Overview

 

An update has been released to address vulnerabilities in Fortinet Products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-47575

  • FortiManager version: 7.6.0
  • FortiManager versions: 7.4.0 (inclusive) ~ 7.4.4 (inclusive)
  • FortiManager versions: 7.2.0 (inclusive) ~ 7.2.7 (inclusive)
  • FortiManager versions: 7.0.0 (inclusive) ~ 7.0.12 (inclusive)
  • FortiManager versions: 6.4.0 (inclusive) ~ 6.4.14 (inclusive)
  • FortiManager versions: 6.2.0 (inclusive) ~ 6.2.12 (inclusive)

 

  • FortiManager Cloud versions: 7.4.1 (inclusive) ~ 7.4.4 (inclusive)
  • FortiManager Cloud versions: 7.2.1 (inclusive) ~ 7.2.7 (inclusive)
  • FortiManager Cloud versions: 7.0.1 (inclusive) ~ 7.0.12 (inclusive)
  • FortiManager Cloud versions: 6.4 all versions

 

 

Resolved Vulnerabilities

 

Arbitrary code execution vulnerability in Fortinet’s FortiManager, FortiManager Cloud (CVE-2024-47575)

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-47575

  • FortiManager version: 7.6.1 or later version
  • FortiManager version: 7.4.5 or later version
  • FortiManager version: 7.2.8 or later version
  • FortiManager version: 7.0.13 or later version
  • FortiManager version: 6.4.15 or later version
  • FortiManager version: 6.2.13 or later version
     
  • FortiManager Cloud version: 7.4.5 or later version
  • FortiManager Cloud version: 7.2.8 or later version
  • FortiManager Cloud version: 7.0.13 or later version
  • FortiManager Cloud version: Migrating to a fixed release (7.4.5 or later, 7.2.8 or later, 7.0.13 or later)

 

 

Referenced Sites

 

[1] CVE-2024-47575 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-47575

[2] Missing authentication in fgfmsd

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

[3] Upgrade Path Tool Table

https://docs.fortinet.com/upgrade-tool/fortimanager