
Fortinet warns of new critical FortiManager flaw used in zero-day attacks


Jasper_The_Rasper
Moderator

October 23, 2024 By Lawrence Abrams
 


Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.

The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails seen by BleepingComputer that contained steps to mitigate the flaw until a security update was released.

However, news of the vulnerability began leaking online throughout the week by customers on Reddit and by cybersecurity researcher Kevin Beaumont on Mastodon, who calls this flaw "FortiJump."

Fortinet device admins have also shared that this flaw has been exploited for a while, with a customer reporting being attacked weeks before the notifications were sent to customers.

"We got breached on this one weeks before it hit "advance notifications" - 0-day I guess," reads a now-deleted comment on Reddit.  

FortiManager zero-day disclosed

Today, Fortinet publicly disclosed the actively exploited critical FortiManager flaw, tracked as CVE-2024-47575 with a rated severity of 9.8 out of 10.

 
