Critical vulnerability in FortiManager is being actively exploited

October 24, 2024

Fortinet is warning of a potentially very serious security vulnerability that is being actively exploited, although it apparently had no initial intention to communicate about it.

Fortinet customers should read this message particularly carefully. The security vendor has disclosed a vulnerability in FortiManager, the central management platform for Fortinet products. “The lack of authentication allows external parties to log in to FortiManager without identity verification and remotely execute malicious code on the platform via specially crafted requests,” writes Fortinet.

From FortiManager, attackers can penetrate further into the network. The vulnerability (CVE-2024-47575) therefore receives an almost maximum CVSS score of 9.8. To emphasize the seriousness, Fortinet says the vulnerability is also being actively exploited. Experts estimate that at least 60,000 Fortinet customers are at risk.

The vulnerability affects multiple versions of FortiManager and FortiManager Cloud. In the Fortinet bulletin you can check whether you are running a vulnerable version and which version to upgrade to in order to be protected again.

Under the mat

Fortinet initially appeared to have no intention of publicly communicating about the vulnerability. The vulnerability was brought to light via Reddit by a customer who was wondering why Fortinet had released an update for FortiManager. The public release notes said that “no resolved issues were reported.” Customers were notified privately in mid-October.

Fortinet’s decision not to immediately communicate publicly is met with criticism, including from security expert Kevin Beaumont. Fortinet says it kept the vulnerability secret to protect its customers, but Beaumont says the company mainly wanted to protect itself.

“I am not convinced that Fortinet’s narrative that they are protecting customers by not publicly disclosing a vulnerability actually protects customers. This vulnerability has been widely exploited for some time. It protects no one by not being transparent, except perhaps itself,” Beaumont writes on his blog.

Maybe Fortinet didn’t want to be in the news again. The security specialist has had a difficult year with several vulnerabilities affecting the company’s customers. As icing on the cake, Fortinet itself was also hacked this year.

Source: IT Daily
