Fortinet zero-day attack spree hits at least 50 customers

Matt Kapko / Cybersecurity Dive

October 24, 2024

2 Min Read
Fortinet zero-day attack spree hits at least 50 customers

  • Attackers are actively exploiting a critical zero-day vulnerability in Fortinet’s network and security management tool FortiManager, according to security researchers and federal authorities. The earliest exploitation was on June 27, and at least 50 organizations across various industries have been impacted to date, Mandiant said in a Wednesday blog post.

  • Fortinet disclosed active exploitation of CVE-2024-47575, which has a CVSS score of 9.8, in a security advisory Wednesday. Hours later, the Cybersecurity and Infrastructure Security Agency added the CVE to its known exploited vulnerabilities catalog. Fortinet did not say how many customers are impacted or when it became aware of CVE-2024-47575 and active exploitation.

  • “The exploitation observed thus far appears to be automated in nature and is identical across multiple victims,” Mandiant Consulting CTO Charles Carmakal said in a Wednesday post on LinkedIn. “However, with most mass exploitation campaigns, we often observe targeted follow-on activity at some victims.”

Dive Insight:

Exploitation of the FortiManager missing authentication for critical function vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code or commands. Fortinet said attacks involved data theft, including IPs, credentials and configuration data of FortiGate devices managed by exploited FortiManager appliances.

The series of attacks mark the second actively exploited critical vulnerability involving Fortinet products in as many weeks. Earlier this month, federal authorities and security researchers alerted defenders to CVE-2024-23113, an actively exploited critical format string vulnerability in four Fortinet products.

Mandiant, which began collaborating with Fortinet to investigate the scope of malicious activity earlier this month, described the spree of attacks “mass exploitation” event. The motivation and origin of the threat group behind the attacks remains unknown.

To read the complete article, visit Cybersecurity Dive.

 

About the Author

Matt Kapko / Cybersecurity Dive

Matt Kapko / Cybersecurity Dive

See more from Matt Kapko / Cybersecurity Dive
Subscribe to receive Urgent Communications Newsletters
Catch up on the latest tech, media, and telecoms news from across the critical communications community
Sign Me Up

Recent

thumbnail
Regulations
Trump names Brendan Carr as next FCC chairmanTrump names Brendan Carr as next FCC chairman
byDonny Jackson
Nov 19, 2024
4 Min Read
thumbnail
AI & Analytics
Google, NLC issue AI guide for city leadersGoogle, NLC issue AI guide for city leaders
byYsabelle Kempe
Nov 17, 2024
1 Min Read
thumbnail
Tracking, Monitoring & Control
With new leadership, NextNav and Anterix boast of 900MHz momentumWith new leadership, NextNav and Anterix boast of 900MHz momentum
byMike Dano / Light Reading
Nov 17, 2024
2 Min Read
thumbnail
Public Safety
ZeroEyes earns key DHS designation, reducing legal liability for customersZeroEyes earns key DHS designation, reducing legal liability for customers
byDonny Jackson
Nov 16, 2024
4 Min Read