Hello everybody. If you use FortiManager from FortiNet you should be prepared to grab the latest available release from the support portal and upgrade.
Patches aren’t out yet. Mitigation is available. If you have FortiManager facing the internet, I’d say remove it from the internet now. #threatintel https://mastodon.green/@fthy/113299522822025433
Patch your FortiManager now. Limit access to it to only from dedicated jump-servers. #fortinet #fortimanager #infosec
Attached: 2 images We are now reporting in our feeds Fortinet IPs still likely vulnerable to CVE-2024-23113 (format string pre-auth RCE). This vulnerability is known to be exploited in the wild. 87,390 IPs found on 2024-10-12 scan. Top: US (14K), Japan (5.1K), India (4.8K) We are sharing daily feeds of vulnerable IPs in our Vulnerable HTTP report: https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/ You can track CVE-2024-23113 vulnerable instances over time on our Dashboard: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=other&d1=2024-10-09&d2=2024-10-12&source=http_vulnerable&source=http_vulnerable6&tag=cve-2024-23113%2B&dataset=unique_ips&style=stacked Patch details from Fortinet (Feb 8th, 2024): https://fortiguard.com/psirt/FG-IR-24-029 Note this vulnerability has been added recently to the US CISA's Known Exploited Vulnerabilities catalog https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Kevin Beaumont