FortiManager fgfmd remote command execution

Added: 11/15/2024

Background

FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure.

Problem

Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands.

Resolution

Upgrade to FortiManager 6.2.13, 6.4.15, 7.0.13, 7.2.8, 7.4.5, or 7.6.1 or higher, or use one of the workarounds described in FG-IR-24-423.
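The following is an added example, not part of the original advisory or of any Fortinet tooling: it triages an inventory of FortiManager versions against the fixed releases listed above. It assumes each listed release is the fix for its own major.minor branch. The `host,version` inventory format and the host names are constructed for illustration, and an "upgrade" result does not account for workarounds from FG-IR-24-423 that may already be applied.

```python
import re

# Fixed releases as listed in the Resolution section, keyed by (major, minor).
# Assumption: each listed release is the fix for its own branch.
FIXED = {(6, 2): 13, (6, 4): 15, (7, 0): 13, (7, 2): 8, (7, 4): 5, (7, 6): 1}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return 'fixed', 'upgrade', 'unlisted' or 'unparsed' for a version string."""
    m = VERSION_RE.search(version)
    if not m:
        return "unparsed"
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "upgrade"
    if branch > max(FIXED):
        # Newer than the highest listed branch: covered by "7.6.1 or higher".
        return "fixed"
    # Branch the advisory text does not list: needs manual review.
    return "unlisted"


def triage(inventory_text):
    """Map each host in 'host,version' lines to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results


# Constructed sample inventory (hypothetical hosts and build strings).
SAMPLE = """\
# host,version
fmg-lab-01,v7.4.4-build2550
fmg-lab-02,7.2.8
fmg-lab-03,v6.0.12
fmg-lab-04,v7.6.1
fmg-lab-05,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" or "unparsed" should be checked by hand against FG-IR-24-423 rather than treated as safe.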

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

Platforms

FortiManager
