Multiple Fortinet Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-47571 CVSS:7.9

Fortinet FortiManager could allow a remote attacker to bypass security restrictions, caused by improper access control to expiration resource.

CVE-2024-47572 CVSS:8.3

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file.

Impact

Security Bypass
Gain Access

Indicators of Compromise

CVE

CVE-2024-47571
CVE-2024-47572

Affected Vendors

Fortinet

Affected Products

Fortinet FortiManager 7.2.3
Fortinet FortiManager 7.0.8
Fortinet FortiManager 6.4.12
Fortinet FortiManager 7.0.7
Fortinet FortiSOAR - 7.4.0 - 7.3.0 - 7.2.1

Remediation

Upgrade to the latest version of Fortinet, available from the FortiGuard Website.

CVE-2024-47571

CVE-2024-47572

CoinMiner Malware – Active IOCs

RansomHub Ransomware Leverages Python Malware to Exploit Network Vulnerabilities – Active IOCs

Multiple Fortinet Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan