October 24, FortiManager Authentication Vulnerability
Fortinet have released details surrounding a recently disclosed vulnerability affecting various FortiManager products. This has been given a “Critical” severity rating of 9.8/10.0 on the CVSSv3 scale, under CVE-2024-47575.
To address this, Fortinet have released patches for the versions stated as affected:
| Version | Affected | Solution |
|---|---|---|
| FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above |
| FortiManager Cloud 7.6 | Not affected | Not Applicable |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above |
| FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release |
Fortinet have assigned this an internal reference of FG-IR-24-423, and have additionally stated, “Reports have shown this vulnerability to be exploited in the wild”.
Please refer to the vendor disclosure page for the most recent updates regarding the vulnerability details: https://www.fortiguard.com/psirt/FG-IR-24-423
Daisy’s Security Operations Incident Response team applied known mitigation actions as soon as we were in a position to do so.
Daisy is undertaking all necessary actions to ensure our customers are safe, and our dedicated security teams are continuing to monitor the situation.
If you suspect you have been affected by this vulnerability or need to discuss further advice, please contact our Service Desk team on 0330 024 3333 or raise a ticket via our Customer Portal.