























On October 23rd, 2024, a zero-day vulnerability in Fortinet’s FortiManager, dubbed "FortiJump," was disclosed as being exploited in the wild. Assigned CVE-2024-47575, the vulnerability allows attackers to execute code remotely on FortiManager devices without authentication.
The root cause lies in the fgfmd daemon, a crucial component of the FortiGate to FortiManager (FGFM) protocol, responsible for communication between FortiGate firewalls and the centralized FortiManager. Exploiting this flaw enables attackers to exfiltrate sensitive configuration data from managed FortiGate devices, including IP addresses, hashed passwords, and detailed network settings. This stolen information could be used to compromise the FortiGate firewalls directly, alter configurations, and pivot to other systems within the network.
Security researchers at Google/Mandiant investigated the exploitation with Fortinet, identifying a new threat cluster, UNC5820, as the perpetrator. Their analysis revealed that UNC5820 exploited this vulnerability as early as June 2024. Although Fortinet released an advisory and patches for affected versions, concerns remain about the delayed public disclosure and the availability of patches for all vulnerable versions.
Upon disclosure on October 23rd, Todyl deployed proactive measures to detect and respond to the FortiJump vulnerability:
We leveraged our active research on the Söze Syndicate threat group to analyze the TTPs with this new vulnerability. Some IoCs listed in Fortinet's report matched those discovered in Todyl's investigation of the Söze Syndicate. As a part of our efforts, we have identified many additional IoCs related to this campaign. Todyl is continually monitoring and collaborating with our partners to further identify additional indicators that may be useful in this or other investigations.
These findings helped Todyl deliver:
Organizations using FortiManager should take immediate steps to mitigate their risk as recommended by Fortinet:
While immediate steps have been taken to address FortiJump, ongoing vigilance is paramount. We remain committed to:
We urge all organizations to patch vulnerable systems, implement the recommended mitigations, and maintain heightened awareness to protect against this and future threats.

Along a 25+ year journey in cybersecurity, David has amassed not just an impressive collection of retro conference badges, but a wealth of experience in leading well-known organizations through prevention, detection, containment, and recovery from significant cyber incidents.
David has been a part of some pretty remarkable teams: from contributing to the team that first brought the web browser into existence to rolling out the first firewalls at AT&T Bell Laboratories. After recent leadership roles at IBM Security and DXC Technology, David is excited to have joined the amazing team at Todyl to fulfill the mission of protecting the businesses we serve from advanced threats.
Analyze your operational readiness and get instant assessment-driven insights to strengthen your security posture.
Subscribe to our newsletter to get our latest insights.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。