CVE-2024-47573 – This vulnerability allows authenticated attacke... (How to Fix)

Q: What is the severity of CVE-2024-47573?

CVE-2024-47573 has a CVSS score of 6.5 (MEDIUM). This vulnerability allows authenticated attackers with Read/Write system maintenance permissions to install corrupted firmware images on FortiNDR devices. It affects FortiNDR versions 7.4.2 and below, 7.2.1 and below, 7.1.1 and below, and 7.0.6 and below. The improper integrity check validation could lead to system compromise.

📋 TL;DR

This vulnerability allows authenticated attackers with Read/Write system maintenance permissions to install corrupted firmware images on FortiNDR devices. It affects FortiNDR versions 7.4.2 and below, 7.2.1 and below, 7.1.1 and below, and 7.0.6 and below. The improper integrity check validation could lead to system compromise.

💻 Affected Systems

Products:

FortiNDR

Versions: 7.4.2 and below, 7.2.1 and below, 7.1.1 and below, 7.0.6 and below

Operating Systems: Fortinet proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated user with Read/Write permission on system maintenance

📦 What is this software?

Fortindr by Fortinet

View all CVEs affecting Fortindr →

Fortindr by Fortinet

View all CVEs affecting Fortindr →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker installs malicious firmware that provides persistent backdoor access, disrupts network detection capabilities, or enables lateral movement to other systems.

🟠

Likely Case

Attacker installs corrupted firmware causing system instability, service disruption, or data loss requiring system restoration.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to potential service disruption from accidental corruption.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access with specific permissions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Fortinet advisory for specific fixed versions per release line

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-23-461

Restart Required: Yes

Instructions:

1. Review Fortinet advisory FG-IR-23-461. 2. Identify affected version. 3. Upgrade to fixed version per release line. 4. Restart system after upgrade.

🔧 Temporary Workarounds

Restrict System Maintenance Permissions

all

Limit Read/Write permissions on system maintenance to only essential administrators

Implement Firmware Validation Controls

all

Add manual verification steps before firmware installation

🧯 If You Can't Patch

Restrict access to system maintenance functions to minimal required personnel
Implement strict change control procedures for all firmware updates with multiple approvers

🔍 How to Verify

Check if Vulnerable:

Check FortiNDR version via web interface or CLI: get system status

Check Version:

get system status

Verify Fix Applied:

Verify version is above affected ranges: 7.4.3+, 7.2.2+, 7.1.2+, or 7.0.7+

📡 Detection & Monitoring

Log Indicators:

Unexpected firmware installation events
Authentication from unusual accounts to maintenance functions
System integrity check failures

Network Indicators:

Unusual firmware download patterns
Maintenance interface access from unexpected sources

SIEM Query:

source="fortindr" AND (event="firmware_install" OR event="maintenance_access")

📊 Metadata

CVE ID: CVE-2024-47573

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-354

EPSS Score: 0.06% exploit probability (18.4th percentile)

Published: March 14, 2025

Last Updated: July 24, 2025

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-23-461 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47573, you might also want to check these: