Commit

Update DIVD-2024-00044.md
Added ## Vulnerability detection
kscdivd authored Dec 16, 2024
1 parent b09052f commit f50585a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions _cases/2024/DIVD-2024-00044.md
@@ -45,6 +45,9 @@ timeline:
## Summary
A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability is exploited in the wild.

## Vulnerability detection
In our fingerprint we check for open 541 ports from the internet that run the Fortimanger software and using default fortinet client-certificates to build up a secure connection to the device. After the connection is established, we trigger a specially function that allow us to check if this FortiManager software version is vulnerabile to give full shell access without authentication what can result in execution of arbitrary code or Remote code executions (RCE).

## Recommendations
Upgrade to a non-vulnerable version according to the FortiGuard advisory FG-IR-24-423. We recommend restricting public access to your instance when you are unable to either patch or apply the workaround provided by Fortinet. We also recommend checking your FortiManager for unrecognised serial numbers and perform forensics on your instance when you do find unrecognised serial numbers. Fortinet provides recovery methods in their FortiGuard advisory.
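
Review bot: the second sentence of the added "Vulnerability detection" paragraph does not make clear whether the fingerprint only tests for the vulnerable condition or actually obtains shell access on the scanned device; "trigger a specially function that allow us to check if this FortiManager software version is vulnerabile to give full shell access" can be read either way. Suggest stating explicitly what the check does and does not do on the target, since readers of a case file will want to know how intrusive the scan was. The paragraph also needs a spelling and grammar pass: "Fortimanger" should be "FortiManager", "fortinet" should be "Fortinet", "vulnerabile" should be "vulnerable", "a specially function that allow us" should be "a special function that allows us", "Remote code executions (RCE)" should be "remote code execution (RCE)", and "open 541 ports" reads more clearly as "port 541 open". Splitting the long second sentence after "without authentication" would also help.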
