Our Thoughts on Modern Configuration and Secrets Management

Resolve CVEs with a Configuration Data Automation Platform

Written by Greg Arnette | Oct 30, 2024 1:59:45 PM

What's happening: CVE-2024-47575 is a critical vulnerability in Fortinet's FortiManager platform, which manages configurations for FortiGate devices. The vulnerability is a "missing authentication for critical function" flaw in the fgfmd daemon, allowing unauthenticated attackers to execute arbitrary code. Exploited in the wild, it enables threat actors to steal IPs, credentials, and configurations from managed devices.

CloudTruth is the automation platform that distributes accurate configuration updates to all the components in your system.

In many cases, configuration settings cause vulnerabilities. A tweak to a critical setting can fix the issue without deploying new software.

Why it matters: Misconfigurations have been a leading cause of security breaches in cloud environments. CVE-2024-47575 is especially concerning as it affects widely used Fortinet products, exposing critical infrastructure to attackers. Organizations using FortiManager versions from 6.2 to 7.6.0 and older FortiAnalyzer models with FortiManager enabled are impacted.

Here's the simple configuration change to resolve the CVE:

config system global
set fgfm-deny-unknown enable
end

How CloudTruth helps:

  1. Proactive configuration management: CloudTruth helps organizations avoid misconfigurations by turning static configuration files into secure, parameterized templates. This ensures sensitive data like credentials and IPs are stored securely, avoiding the types of mismanagement that led to the vulnerability.
  2. Version control and rollback: In the event of exposure to CVE-2024-47575, CloudTruth provides a clear audit trail for configuration changes. This allows organizations to identify when the vulnerability was introduced and swiftly roll back to a secure configuration.
  3. Automated consistency: With CloudTruth, configurations are applied consistently across environments, automatically aligning with security best practices. This reduces the risk of exploitable misconfigurations that attackers could use to exploit vulnerabilities like CVE-2024-47575.

The bottom line: CVE-2024-47575 highlights the critical importance of secure configuration management. CloudTruth's platform secures your configurations and ensures they are continuously monitored and updated, making it a vital tool for safeguarding against vulnerabilities like this one.