Fortinet FortiOS / FortiManager 2024 Zero-Days.

A 2024 series of pre-authentication vulnerabilities in Fortinet FortiOS, FortiProxy, FortiManager and the FortiGate SSL-VPN — including the FortiManager fgfmd flaw CVE-2024-47575 ('FortiJump') — exploited as zero-days by Chinese state-aligned actors. Относится к категории Уязвимости в кибербезопасности.

A 2024 series of pre-authentication vulnerabilities in Fortinet FortiOS, FortiProxy, FortiManager and the FortiGate SSL-VPN — including the FortiManager fgfmd flaw CVE-2024-47575 ('FortiJump') — exploited as zero-days by Chinese state-aligned actors.

Throughout 2024 Fortinet products were repeatedly targeted with pre-authentication zero-day vulnerabilities, especially in the FortiGate SSL-VPN service and in FortiManager's fgfmd protocol. The headline issue, CVE-2024-47575 ('FortiJump', disclosed October 2024, CVSS 9.8), is a missing-authentication flaw in FortiManager's fgfmd device-registration channel that lets an unauthenticated remote attacker register a malicious FortiGate, execute commands on the FortiManager, and pivot to manage every connected device. Mandiant attributed exploitation to UNC5820 (a China-nexus cluster) and observed compromise of dozens of FortiManagers before the patch and even some after. Other 2024 cases include CVE-2024-21762 (FortiOS SSL-VPN out-of-bound write, CVSS 9.6), CVE-2024-23113 (fgfmd format-string, CVSS 9.8), CVE-2024-55591 (Node.js websocket auth bypass in FortiOS), and CVE-2024-50603 (Aviatrix-style command injection). All were added to the CISA KEV catalog. The pattern reinforced that internet-exposed network-edge appliances remain a primary initial-access surface, especially for state-aligned actors building VPN-mediated footholds.

Защита от Fortinet FortiOS / FortiManager 2024 Zero-Days обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: FortiJump, CVE-2024-47575, CVE-2024-21762.