CVE-2024-47571: 
Fortinet FortiManager vulnerability analysis and mitigation

An operation on a resource after expiration or release vulnerability (CWE-672) was discovered in Fortinet FortiManager versions 6.4.12 through 7.4.0. The vulnerability allows a FortiGate admin account that has been deleted through FortiManager to still maintain access to FortiGate using valid credentials (Fortinet PSIRT, CIS Advisory).

The vulnerability is classified as High severity with a CVSS v3.1 base score of 8.1. The attack vector is network-based (AV:N) with high attack complexity (AC:H), requires no privileges (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

When exploited, this vulnerability allows attackers to gain improper access to FortiGate systems through valid credentials, even after the admin account has been deleted through FortiManager. This could potentially lead to unauthorized system access and control (Cyber Security News).

Fortinet has released patches for affected versions. FortiManager users should upgrade to the following versions: 7.4.1 or above for version 7.4.0, 7.2.4 or above for version 7.2.3, 7.0.9 or above for versions 7.0.7-7.0.8, and 6.4.13 or above for version 6.4.12. As a workaround, administrators can delete admin accounts directly from FortiGate instead of using FortiManager (Fortinet PSIRT).