Fortinet FortiOS / FortiManager 2024 Zero-Days
What is Fortinet FortiOS / FortiManager 2024 Zero-Days?
Fortinet FortiOS / FortiManager 2024 Zero-DaysA 2024 series of pre-authentication vulnerabilities in Fortinet FortiOS, FortiProxy, FortiManager and the FortiGate SSL-VPN — including the FortiManager fgfmd flaw CVE-2024-47575 ('FortiJump') — exploited as zero-days by Chinese state-aligned actors.
Throughout 2024 Fortinet products were repeatedly targeted with pre-authentication zero-day vulnerabilities, especially in the FortiGate SSL-VPN service and in FortiManager's fgfmd protocol. The headline issue, CVE-2024-47575 ('FortiJump', disclosed October 2024, CVSS 9.8), is a missing-authentication flaw in FortiManager's fgfmd device-registration channel that lets an unauthenticated remote attacker register a malicious FortiGate, execute commands on the FortiManager, and pivot to manage every connected device. Mandiant attributed exploitation to UNC5820 (a China-nexus cluster) and observed compromise of dozens of FortiManagers before the patch and even some after. Other 2024 cases include CVE-2024-21762 (FortiOS SSL-VPN out-of-bound write, CVSS 9.6), CVE-2024-23113 (fgfmd format-string, CVSS 9.8), CVE-2024-55591 (Node.js websocket auth bypass in FortiOS), and CVE-2024-50603 (Aviatrix-style command injection). All were added to the CISA KEV catalog. The pattern reinforced that internet-exposed network-edge appliances remain a primary initial-access surface, especially for state-aligned actors building VPN-mediated footholds.
● Examples
- 01
An MSSP's internet-exposed FortiManager is compromised via CVE-2024-47575 before its operator gets to patch; UNC5820 pushes config changes to dozens of customer FortiGates.
- 02
An enterprise enforces a 'no FortiGate management interface on the public internet' policy and configures FortiManager fgfmd to whitelist device certs after the FortiJump advisory.
● Frequently asked questions
What is Fortinet FortiOS / FortiManager 2024 Zero-Days?
A 2024 series of pre-authentication vulnerabilities in Fortinet FortiOS, FortiProxy, FortiManager and the FortiGate SSL-VPN — including the FortiManager fgfmd flaw CVE-2024-47575 ('FortiJump') — exploited as zero-days by Chinese state-aligned actors. It belongs to the Vulnerabilities category of cybersecurity.
What does Fortinet FortiOS / FortiManager 2024 Zero-Days mean?
A 2024 series of pre-authentication vulnerabilities in Fortinet FortiOS, FortiProxy, FortiManager and the FortiGate SSL-VPN — including the FortiManager fgfmd flaw CVE-2024-47575 ('FortiJump') — exploited as zero-days by Chinese state-aligned actors.
How does Fortinet FortiOS / FortiManager 2024 Zero-Days work?
Throughout 2024 Fortinet products were repeatedly targeted with pre-authentication zero-day vulnerabilities, especially in the FortiGate SSL-VPN service and in FortiManager's fgfmd protocol. The headline issue, CVE-2024-47575 ('FortiJump', disclosed October 2024, CVSS 9.8), is a missing-authentication flaw in FortiManager's fgfmd device-registration channel that lets an unauthenticated remote attacker register a malicious FortiGate, execute commands on the FortiManager, and pivot to manage every connected device. Mandiant attributed exploitation to UNC5820 (a China-nexus cluster) and observed compromise of dozens of FortiManagers before the patch and even some after. Other 2024 cases include CVE-2024-21762 (FortiOS SSL-VPN out-of-bound write, CVSS 9.6), CVE-2024-23113 (fgfmd format-string, CVSS 9.8), CVE-2024-55591 (Node.js websocket auth bypass in FortiOS), and CVE-2024-50603 (Aviatrix-style command injection). All were added to the CISA KEV catalog. The pattern reinforced that internet-exposed network-edge appliances remain a primary initial-access surface, especially for state-aligned actors building VPN-mediated footholds.
How do you defend against Fortinet FortiOS / FortiManager 2024 Zero-Days?
Defences for Fortinet FortiOS / FortiManager 2024 Zero-Days typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Fortinet FortiOS / FortiManager 2024 Zero-Days?
Common alternative names include: FortiJump, CVE-2024-47575, CVE-2024-21762.
● Related terms
- vulnerabilities№ 1399
Zero-Day Vulnerability
A security flaw that is unknown to the vendor (or for which no patch yet exists) at the moment it is discovered or exploited.
- vulnerabilities№ 194
CISA Known Exploited Vulnerabilities (KEV) Catalog
A U.S. CISA-maintained list of CVEs with credible evidence of in-the-wild exploitation, paired with mandatory remediation deadlines for U.S. federal civilian agencies and widely used by enterprises as a priority signal.
- network-security№ 1339
VPN (Virtual Private Network)
A technology that creates an encrypted, authenticated tunnel over a public network so that traffic appears to travel through a private network.
- network-security№ 1210
SSL VPN
A VPN that tunnels traffic over TLS (historically SSL), allowing remote access through standard web ports without a dedicated VPN protocol.
- attacks№ 1234
Supply Chain Attack
An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
- defense-ops№ 799
Nation-State Actor
A government-sponsored or government-aligned threat actor that conducts cyber operations to pursue strategic, intelligence, military, or economic objectives.