The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
A missing authentication flaw in affected versions of FortiManager and FortiManager Cloud allows attackers to execute arbitrary code or commands through specially crafted requests.
Fortinet confirmed that CVE-2024-47575 has been exploited in the wild to exfiltrate files containing IPs, credentials, and configurations of managed devices.
CISA orders federal agencies to fix this vulnerability by November 13, 2024.