Fortinet has updated its security advisory for a critical vulnerability in FortiManager (CVE-2024-47575) to include workarounds and additional indicators of compromise (IOCs). A remote, unauthenticated cybercriminal could exploit this vulnerability to access sensitive files or take control of an affected system. At the moment, all fixes have been released.
CISA previously added this vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation, as confirmed by Fortinet.
CISA strongly encourages users and administrators to apply necessary updates, scan for malicious activity, assess potential risks of service providers, report positive findings to CISA, and refer to the following articles for more information :
