Current CyberSecurity Advisories

Vulnerability in Fortinet’s FortiManager

Release date
24 October 2024
Alert rating
Critical

Description

The ASD’s ACSC is aware of a vulnerability affecting all versions of Fortinet’s FortiManager device that enables an unauthorised actor to access the FortiManager console (CVE-2024-47575). FortiManager devices provide centralised management of Fortinet devices from a single console.

Audience

Small & medium businesses, Organisations & Critical Infrastructure, Government

Current update

This alert has been written for the IT teams of organisations and government.

Background / What has happened?

  • The ASD’s ACSC is tracking a vulnerability in FortiManager devices.
  • Fortinet are aware of active exploitation of vulnerable instances.
  • This vulnerability has been allocated a CVSSv3 score of 9.8.

Mitigation / How do I stay secure?

  • Australian organisations should review their networks for use of vulnerable instances of FortiManager devices and implement the mitigation advice provided by the vendor.
  • Patch information is available at PSIRT | FortiGuard Labs. ASD’s ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).
