Fortinet zero-day attack spree hits at least 50 customers
- Attackers are actively exploiting a critical zero-day vulnerability in Fortinet’s network and security management tool FortiManager, according to security researchers and federal authorities. The earliest exploitation was on June 27, and at least 50 organizations across various industries have been impacted to date, Mandiant said in a Wednesday blog post.
- Fortinet disclosed active exploitation of CVE-2024-47575, which has a CVSS score of 9.8, in a security advisory Wednesday. Hours later, the Cybersecurity and Infrastructure Security Agency added the CVE to its known exploited vulnerabilities catalog. Fortinet did not say how many customers are impacted or when it became aware of CVE-2024-47575 and active exploitation.
- “The exploitation observed thus far appears to be automated in nature and is identical across multiple victims,” Mandiant Consulting CTO Charles Carmakal said in a Wednesday post on LinkedIn. “However, with most mass exploitation campaigns, we often observe targeted follow-on activity at some victims.”
Dive Insight:
Exploitation of the FortiManager missing authentication for critical function vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code or commands. Fortinet said attacks involved data theft, including IPs, credentials and configuration data of FortiGate devices managed by exploited FortiManager appliances.
The series of attacks mark the second actively exploited critical vulnerability involving Fortinet products in as many weeks. Earlier this month, federal authorities and security researchers alerted defenders to CVE-2024-23113, an actively exploited critical format string vulnerability in four Fortinet products.
Mandiant, which began collaborating with Fortinet to investigate the scope of malicious activity earlier this month, described the spree of attacks “mass exploitation” event. The motivation and origin of the threat group behind the attacks remains unknown.
To read the complete article, visit Cybersecurity Dive.