At a glance.
- Fortinet discloses critical vulnerability exploited since June.
- Officials investigate how TSMC chips ended up in Huawei products.
- Embargo ransomware gang deploys new toolkit.
Fortinet discloses critical vulnerability exploited since June.
Fortinet has publicly disclosed a critical vulnerability affecting the FortiManager API that can "allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests." The vulnerability (CVE-2024-47575) has been assigned a CVSS score of 9.8 out of 10. The company began privately notifying customers about the flaw on October 13th, BleepingComputer notes.
Fortinet said in a statement, "After identifying this vulnerability (CVE-2024-47575), Fortinet promptly communicated critical information and resources to customers. This is in line with our processes and best practices for responsible disclosure to enable customers to strengthen their security posture prior to an advisory being publicly released to a broader audience, including threat actors. We also have published a corresponding public advisory (FG-IR-24-423) reiterating mitigation guidance, including a workaround and patch updates. We urge customers to follow the guidance provided to implement the workarounds and fixes and to continue tracking our advisory page for updates. We continue to coordinate with the appropriate international government agencies and industry threat organizations as part of our ongoing response."
Mandiant published a report on the vulnerability last night, stating that a threat actor has been exploiting the flaw as a zero-day since at least June 27th, 2024. Mandiant tracks the threat actor as "UNC5820," but hasn't yet attributed it to any known group. Mandiant explained, "UNC5820 staged and exfiltrated the configuration data of the FortiGate devices managed by the exploited FortiManager. This data contains detailed configuration information of the managed appliances as well as the users and their FortiOS256-hashed passwords. This data could be used by UNC5820 to further compromise the FortiManager, move laterally to the managed Fortinet devices, and ultimately target the enterprise environment."