Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
ID: 6fdebb9a-2ddd-5763-aa59-ab99b1be98e9
STIX ID: report--6fdebb9a-2ddd-5763-aa59-ab99b1be98e9
Feed Name: DoublePulsar
This report describes a FortiManager/FortiGate FGFM implementation flaw (CVE-2024-47575) that permits unauthorized FortiGate devices to register with FortiManager and trigger remote code execution on it. With that access, attackers can manage downstream firewalls, steal configurations and credentials, and pivot across networks. The author observed active exploitation via a honeypot and identified attacker IPs on Vultr. The author recommends disabling FGFM or applying patches, and not exposing FGFM to the Internet.
