CVE-2024-47575: FortiManager Unauthenticated RCE (FortiJump)

Score: 9.8
CRITICAL
Published: 2024-10-23
Affected: FortiManager 7.x, 6.x multiple versions
CWE-306

What is FortiJump?

FortiJump is a missing authentication vulnerability in FortiManager's FGFM (FortiGate to FortiManager) daemon. Unauthenticated attackers can execute arbitrary code and commands via specially crafted requests. Researchers dubbed the flaw "FortiJump".

Impact & Exploitation

The vulnerability has been exploited as a zero-day since June 2024, and over 50 organizations were compromised before disclosure. Exploitation enables complete control of FortiManager and all managed FortiGate firewalls.

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.
