Home Fortinet CVE-2024-47575
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Fortinet

CVE-2024-47575

Exploited

FortiManager - Management Plane

Fortinet CVSS 9.8 Updated March 16, 2026

Executive Risk Summary

"A critical vulnerability in FortiManager allows attackers to execute arbitrary code or commands via specially crafted requests, potentially leading to unauthorized access and system compromise. Affected versions include FortiManager 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.7, 7.0.0-7.0.12, 6.4.0-6.4.14, and 6.2.0-6.2.12, as well as FortiManager Cloud versions."

Operational Audit Arsenal

Target Type Firmware Image
Target Asset FortiManager Firmware
Standard Path Global Firmware

Manual Verification Required

This is a non-Windows asset (Fortinet). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Moderate to High

Internal Work Notes

CVE-2024-47575: Unauthenticated arbitrary code execution vulnerability in FortiManager, requiring immediate patching or mitigation to prevent potential system compromise.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://fortiguard.fortinet.com/psirt/FG-IR-24-423
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575

Related Fortinet Threats

CVE-2024-23108 CVSS 10

FortiGate - API
CVE-2024-23109 CVSS 10

FortiGate - API
CVE-2023-34992 CVSS 10

FortiGate - API
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.