CVE-2024-47575

CRITICAL KEV NUCLEI

Fortinet FortiManager <7.6.0 - RCE

Exploitation Summary

CVE-2024-47575 is actively exploited and has been listed in the CISA Known Exploited Vulnerabilities (KEV) catalog since October 23, 2024. EIP tracks 5 public exploits from researchers including watchtowrlabs, SkyGodling, and AnnnNix, among them a Metasploit module, exploits/linux/misc/fortimanager_rce_cve_2024_47575. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a functional exploit for CVE-2024-47575, an unauthenticated remote code execution vulnerability in Fortinet FortiManager. The exploit leverages a custom protocol to send malicious payloads, resulting in a reverse shell.

Description

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.

Exploits (5)

nomisec WORKING POC 96 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575

This is a functional exploit for CVE-2024-47575, an unauthenticated remote code execution vulnerability in Fortinet FortiManager. The exploit leverages a custom protocol to send malicious payloads, resulting in a reverse shell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Fortinet FortiManager (multiple versions)
No auth needed
Prerequisites: Network access to target · Open port 541 on target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 star
by SkyGodling · remote
https://github.com/SkyGodling/exploit-cve-2024-47575

This is a functional exploit for CVE-2024-47575, targeting Fortinet FortiManager's unauthenticated remote code execution vulnerability. It leverages a custom SSL socket to send crafted requests, achieving RCE via command injection in a JSON payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Fortinet FortiManager (multiple versions, including 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.7, etc.)
No auth needed
Prerequisites: Network access to target on port 541 · Python environment with required libraries
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by AnnnNix · poc
https://github.com/AnnnNix/CVE-2024-47575

This PoC exploits CVE-2024-47575 by executing a base64-encoded and zlib-compressed Python script. The script is decoded and executed, likely achieving remote code execution (RCE) on the target system.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown (likely a Python-based application)
No auth needed
Prerequisites: Python environment · Network access to the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by revanslbw · remote
https://github.com/revanslbw/CVE-2024-47575-POC

This is a functional exploit PoC for CVE-2024-47575 targeting FortiManager, leveraging a command injection vulnerability to achieve remote code execution via a reverse shell payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FortiManager (version not specified)
No auth needed
Prerequisites: Network access to target FortiManager on port 541 · SSL certificate and key files (w00t_cert.bin, w00t_key.bin)
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by sfewer-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/fortimanager_rce_cve_2024_47575.rb

This Metasploit module exploits CVE-2024-47575, an unauthenticated RCE vulnerability in Fortinet FortiManager and FortiManager Cloud, by leveraging a missing authentication flaw in the FGFM service to execute commands as root.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Fortinet FortiManager (7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.7, 7.0.0-7.0.12, 6.4.0-6.4.14, 6.2.0-6.2.12) and FortiManager Cloud (7.4.1-7.4.4, 7.2.1-7.2.7, 7.0.1-7.0.12, 6.4 all versions)
No auth needed
Prerequisites: Network access to TCP port 541 (FGFM service) · Valid Fortinet-signed client certificate with serial number in CN
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

FortiManager Unauthenticated Remote Code Execution
CRITICAL · by 0x_Akoko, pussycat0x, watchTowr

Scores

CVSS v3 9.8
EPSS 0.9387
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2024-10-23
VulnCheck KEV 2024-10-23
InTheWild.io 2024-10-23
ENISA EUVD EUVD-2024-42531
CWE CWE-306
Status published
Products (3)
fortinet/fortimanager 7.6.0
fortinet/fortimanager 6.2.0 - 6.2.13
fortinet/fortimanager_cloud 6.4.1 - 6.4.7
Published Oct 23, 2024
KEV Added Oct 23, 2024
Tracked Since Feb 18, 2026