TT-CSIRT – 436.24.10.24. Missing Authentication in FortiManager fgfmd
Fortinet has released a patch to address a critical vulnerability in its FortiManager product. The flaw is a missing authentication for critical function vulnerability [CWE-306] in the FortiManager fgfmd daemon. It allows threat actors to use a compromised FortiManager device to execute arbitrary code or commands against other FortiManager devices via specially crafted requests. Reports have shown this vulnerability to be exploited in the wild.
Recommendations:
TT-CSIRT encourages administrators to visit the following link for more information and to take the necessary actions immediately: PSIRT | FortiGuard Labs
If you have any queries or comments, or require assistance, please feel free to contact the TT-CSIRT via contacts@ttcsirt.gov.tt