Fortinet exploited zero-day: FG-IR-24-423 Missing authentication in fgfmsd
CVE-2024-47575 (9.8 critical, disclosed 23 October by Fortinet, noted earlier on 13 October by @GossiTheDog on Mastodon) Fortinet FortiManager Missing Authentication Vulnerability.

  • Reports have shown this vulnerability to be exploited in the wild.
  • The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials and configurations of the managed devices.

CISA added CVE-2024-47575 to the KEV Catalog about 3 hours afterward.

Just in case you didn't read closely, there are indicators of compromise (IoC) in the advisory. At least one of the IP addresses was reportedly used as a Cobalt Strike server 2 years ago.

cc: @cR0w @nopatience I require at least 25 favorites to unlock my next toot!

#fortinet #fortimanager #cve #zeroday #CVE_2024_47575 #vulnerability #eitw #activeexploitation #kev #cisakev #KnownExploitedVulnerabilitiesCatalog

On the #fortinet #fortimanager vulnerability (CVE-2024-47575), one remediation step is to disallow new FortiGates from registering automatically, the default setting. Be aware, if you don't have a #Fortigate in the device list already registered, you will not be able to add it even with a cert. To ensure all of your firewalls are in the device list in FortiManager:

diag dvm device list

There are other remediations you can do, but if you use this one, look at your device list first.
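The registration lock-down the post above describes, written out in FortiManager CLI syntax as an added example (not the poster's own text). The pre-check command is the one from the post; the global setting name is the workaround named in Fortinet's advisory for this CVE, and whether your release supports it is an assumption to verify against that advisory:

```text
# Added example. Step 1: confirm every firewall is already registered,
# because once unknown devices are refused, a FortiGate missing from this
# list cannot be added later (per the post, even with a certificate).
diag dvm device list

# Step 2: refuse registration attempts from devices not already in the list
# (assumption: the running FortiManager release offers this setting).
config system global
    set fgfm-deny-unknown enable
end
```

Re-run the first command after the change whenever a firewall is expected to appear and does not; a device absent from the list will now be rejected rather than auto-registered.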

I'm hating how much of my life is dominated by #Fortinet right now.

It's gotten a bit easier now some media outlets are reporting on it, mainly based on @GossiTheDog's toots, but good grief, what a mess.

On the plus side, it's encouraging my place to finally start taking vendor assessment and how we architecturally position vendor appliances a bit more seriously.

Patch your FortiManager now. Limit access to it to only from dedicated jump-servers.

ClownStrike.lol now says #Fortinet has falsely blocked the domain as "phishing" and is giving them the runaround about appealing it. This domain is demonstrating all of the cybersecurity industry's problems.