A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.

Emphasizing its serious nature, the vulnerability has been assigned a Common Vulnerability Scoring System score of 9.8, which is critical on the CVSS scoring system. Fortinet has confirmed that the vulnerability is actively being exploited in the wild.

Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses,

In order to use the flaw, an attacker would need to have a valid Fortinet device certificate, Rob King, director of security research at flaw finding firm runZero explained. But that could be taken from a legitimate box and reused, and would allow the intruder to log into the management software without proper checks.

Discover critical details on Fortinet's FortiManager vulnerability (CVE-2024-47575) and essential mitigation strategies.

A critical FortiManager flaw has been exploited in attacks since June, with Fortinet urging immediate updates to protect against unauthorized access and data breaches.

Cybersecurity company Fortinet has confirmed that a critical security vulnerability in FortiManager devices has reportedly been actively exploited in the

The bug, tracked as CVE-2024-47575, has been assigned a CVSS score of 9.8 out of 10, and is described as a “missing authentication for critical function” vulnerability allowing attackers to execute arbitrary code or commands via specially crafted requests.