ETSI’s 4th NFV Plugtests event broadens its scope with edge computing testing

Sophia Antipolis, 29 July 2019

The 4^th ETSI NFV Plugtests^TM event was one of the sunny June highlights in ETSI, as it took place from 3 to 7 June in Sophia Antipolis.

Read More...

Developers at MEC Hackathons endorsed by ETSI challenged to trial edge computing for 5G in UK and China

Sophia Antipolis, 27 September 2019

The successful second edition of the MEC Hackathons endorsed by ETSI recently ended in two different parts of the world simultaneously on 17-18 September in London (UK) and Shenzhen (China).

Read More...

Mission Critical Implementations tested during the fourth ETSI MCX Plugtests

Sophia Antipolis, 30 September 2019

The 4^th ETSI MCX Plugtests^TM have concluded with a success rate of 95% of the executed tests in the validation of 3GPP mission critical services vendor interoperability.

Read More...

ETSI NFV Release 4 empowers orchestration and cloud enabled deployments

Offers increased support for automation

Sophia Antipolis, 8 October 2019

The ETSI Industry Specification Group (ISG) for Network Functions Virtualisation (NFV) has started working on its next specification release, known as Release 4. While NFV-based deployments are expanding worldwide and show the benefits of network function virtualization, new technologies are expected to be leveraged and features are being added in support of 5G and novel fixed access network deployments that are emerging in many countries. The release 4 work programme will provide the right setting to further enhance the NFV framework by considering recent technological advances, as well as ways to simplify its usage, that are aligned with the current trends in the industry towards network transformation.

Read More...

"CALLING THE SHOTS" A report commissioned by ETSI calls on EU to retake global leadership in digital standard setting

Sophia Antipolis, 10 October 2019

The report Calling the Shots: Standardization for EU Competitiveness in a Digital Era, was drawn up by an independent panel of experts brought together by Kreab at the request of ETSI and led by Carl Bildt, former Prime Minister and Foreign Minister of Sweden. The panel who met during the first half year of 2019, gathered insights and experience from industry, politics and academia. 

Read More...

ETSI Multi-access Edge Computing builds on NFV and network slicing

Sophia Antipolis, 15 January 2020

The ETSI Multi-access Edge Computing Industry Specification Group is pleased to announce the release of two major reports as part of its Phase 2 work. The report ETSI GR MEC 027 studies the impact of alternative virtualization technologies. The second report, ETSI GR MEC 024, examines network slicing on edge computing systems.

Read More...

ETSI Multi-access Edge Computing group reaches 100 members confirming attractiveness of the group

Sophia Antipolis, 31 March 2020

Strategy Analytics believes that 59% of all IoT deployments will be processing data using edge computing of some form by 2025. Furthermore, a survey from ResearchAndMarkets predicts that mobile edge computing as a service market will reach $73M by 2024, driven by enterprise hosted deployments. No wonder that ISG MEC - one of ETSI’s most dynamic Industry Specification Groups - keeps growing and has now welcomed its 100^th member with Mitsubishi Electric R&D Centre Europe.

Read More...

ETSI releases White Paper on the role of standards for ICT to mitigate the impact of a pandemic

Sophia Antipolis, 28 May 2020

Today, ETSI unveils a new white paper, written by the officials of the ETSI EP eHealth group, highlighting the role of standards developing organizations (SDOs) in developing standards for ICT to mitigate the impact of a pandemic. COVID-19 is not a mild pandemic, it is a serious, often lethal, health condition, the impact of which is seriously detrimental to social and economic life across the world. The ETSI paper acts to identify a "call to arms" to standards bodies and their constituent members to ensure that when the next pandemic arrives, we can rely on greater harmonization of the supply chain.

Read More...

ETSI Multi-Access Edge Computing extends services to WiFi to address enterprise needs

Sophia Antipolis, 16 July 2020

The ETSI Industry Specification Group on Multi-Access Edge Computing, ISG MEC, has recently released ETSI MEC GS 028 to extend network information services to the world of WiFi and thus squarely into enterprises space.

Read More...

New ETSI white paper: Harmonizing standards for edge computing, a synergized architecture leveraging ETSI ISG MEC and 3GPP specifications

Sophia Antipolis, 27 July 2020

Members and officials of the ETSI Multi-access Edge Computing group and the 3GPP SA WG6 have just published a new white paper which aims to harmonize standards for edge computing. The white paper highlights the role of standards for edge when edge computing is deployed in conjunction with mobile networks. It also reviews the leading efforts in the industry and introduces a synergized architecture which leverages the ETSI ISG MEC and 3GPP specifications. This paper highlights the value proposition of different standards streams and how those standards may be combined when it comes to deployments. Some deployment options are discussed.

Read More...

ETSI unveils NFV&MEC 2020 Interoperability Report:
Strong focus on Containerized and 5G Network Services

Sophia Antipolis, 22 September 2020

ETSI is pleased to release the report of its NFV&MEC Plugtests^TM  event that took place remotely in June 2020. After several weeks of remote integration and pre-testing, the event offered NFV and MEC solution providers as well as open source communities an opportunity to discuss and solve interoperability challenges while validating their implementation of NFV and MEC specifications and APIs.

Read More...

ETSI webinar on Standardization for EU competitiveness in a digital decade

Register now!

Sophia Antipolis, 6 October 2020

ETSI and KREAB invite you to a high-level virtual debate on 28 October to discuss and share your ideas on a standardization strategy to stimulate EU competitiveness in the digital economy.

Read More...

ETSI virtual conference on boosting the impact of research & innovation through standardization

Sophia Antipolis, 6 November 2020

Standardized commercial products and services substantially contribute to the overall global economy and quality of life of citizens around the world.

Join ETSI and TelecomTV for a two-day virtual conference focused on the Research Innovation Standards Ecosystem and Research Opportunities in Standards.

The virtual event will take place on 24 and 25 November, and each of the two days will comprise multiple sessions, including presentations and panel discussions followed by LIVE Q&A sessions where you'll be able to interact and ask your questions to the experts.

Read More...

ETSI experts complete specifications for Vulnerable Road Users

Sophia Antipolis, 24 November 2020

A group of experts in ETSI TC ITS, the committee in charge of Intelligent Transport Systems, has just completed a set of three standards related to Vulnerable Road Users (VRU) protection with the specification ETSI TS 103 300-3. This standard defines the VRU awareness service together with its key interfaces and protocols as well as the VRU awareness message (VAM) format, semantics and syntax. The specification completes the Technical Report, ETSI TR 103 300-1 on use cases and the Technical specification, ETSI TS 103 300-2, addressing the functional architecture and requirements for VRU. The development of the standards included stakeholders from around the world and received a large set of contributions from representatives working on different types of vulnerable road users, for example bicycles and motorcycles.

Read More...

Developers at MEC Hackathon challenged to trial edge computing for 5G at the Droidcon virtual event

Sophia Antipolis, 10 December 2020

The successful last edition of MEC Hackathons endorsed by ETSI took place on 25 to 26 November and was hosted by Droidcon Italy 2020 as a fully virtual event. The competition was open for developers to test their applications with ETSI MEC APIs (Application Programming Interfaces) in a variety of use cases. The organizing committee received a total of 14 submissions, including several topics, from Augmented Reality for Construction Sector, to consumer, media and entertainment application, to automotive services. Admitted teams were offered remote access to MEC servers and software platforms to develop mobile applications for advanced services in MEC-enabled 5G networks, using ETSI MEC technologies. They were also required to onboard their applications in real-life MEC systems and connect with the MEC APIs to receive simulated in-network data.

Read More...

ETSI unveils its Report comparing worldwide COVID-19 contact-tracing systems – a first step toward interoperability

Sophia Antipolis, 2 February 2021

The COVID-19 pandemic has stretched the planet’s health systems to their limits and tested the measures adopted to alleviate difficulties. Contact tracking or tracing to identify infected people has been one such example. However, contact tracing based on interviews with identified or suspected patients presents known weaknesses from previous pandemics. Turning to digital means in a world where global mobility is the rule was therefore of the essence.

Read More...

Listen to ETSI webinar: “IPv6 Enhanced Innovation: the IPv6-only Future in the 5G, IoT & Cloud Era"

Sophia Antipolis, 17 September 2021

ETSI has successfully held two webinars on ‘IPv6 Enhanced Innovation: the IPv6-Only Future in the 5G, IoT & Cloud Era’ on 13 September. They are available at the following locations:

Part 1: https://www.brighttalk.com/webcast/12761/497800;

Part 2: https://www.brighttalk.com/webcast/12761/497809

Ten experts from government institutions, operators, manufacturers and research institutes, shared their vision and the progress made to date within ETSI ISG (Industry Specification Group) IPE (IPv6 Enhanced innovation).

Read More...

ETSI releases test specification to comply with world-leading Consumer IoT Security standard

Sophia Antipolis, 12 October 2021

ETSI has released the test specification for the existing ETSI EN 303 645, the world leading consumer IoT security standard. This test specification, ETSI TS 103 701, describes how a conformity assessment is performed in a structured and comprehensive way. This will allow supplier organizations such as manufacturers, vendors or distributers to assess the compliance of their devices against ETSI ETSI EN 303 645 in self-assessments or via testing labs. User organizations can also apply the test specification for in-house testing.

Read More...

World’s first non-cellular 5G technology, ETSI DECT-2020, gets ITU-R approval, setting example of new era connectivity

Sophia Antipolis, 19 October 2021

ETSI DECT-2020 NR, the world’s first non-cellular 5G technology standard, has been recognized by the WP5D of the International Telecommunication Union’s Radiocommunication Sector (ITU-R) and included as part of the 5G standards in IMT-2020 technology recommendation. Dr. Günter Kleindl, Chair of the ETSI Technical Committee DECT, says: “With our traditional DECT standard we already received IMT-2000 approval by ITU-R twenty-one years ago, but the requirements for 5G were so much higher, that we had to develop a completely new, but compatible, radio standard.” Released last year, the standard sets an example of future connectivity: the infrastructure-less and autonomous, decentralized technology is designed for massive IoT networks for enterprises. It has no single points of failure and is accessible to anyone, costing only a fraction of the cellular networks both in dollars and in carbon footprint.

Read More...

ETSI releases first comprehensive global standard for securing smart phones

Sophia Antipolis, 24 November 2021

Today our smartphones and tablets are fundamental for citizens and hold a wide range of user data and apps. At the same time, security attacks have increased with malicious applications and network eavesdropping. To define security and assurance requirements for smart phones and tablets, mitigate potential risks and protect users, ETSI has released a world class standard called Consumer Mobile Device Protection Profile, ETSI TS 103 732. The specification identifies key security and privacy risks for user data and provides appropriate protection.

Read More...

MEC is ramping up with Phase 3 work on Multi-access Edge Computing

Sophia Antipolis, 15 March 2022

Since the beginning of 2022 the ETSI MEC Industry Specification Group (ETSI ISG MEC) has moved forward with the on-going Phase 3 work, which is foreseen to help accelerate and enable more effective and fruitful collaboration with other organizations.

Read More...

ETSI selected for special Research session at 2022 EuCNC & 6G Summit

Sophia Antipolis, 11 May 2022

ETSI is pleased to have been selected for a special session at 2022 EuCNC & 6G Summit, on 9 June 2022 in Grenoble, France. Entitled Research results impacting B5G and 6G through Standardization, it will be jointly chaired by Markus Mueck, Chair of the ETSI board RISE (Research, Innovation and Standards Ecosystem) group, and Riccardo Trivisonno, Chair of 6G-IA Pre-Standardization Working Group. The latter represents industry in the novel Smart Networks and Services Joint Undertaking (SNS-JU) which is Europe’s key funding framework for future 6G and related technology.

Read More...

ETSI simplifies ICT end-users’ lives with a guide available in 19 European languages

Sophia Antipolis, 21 July 2022

ETSI is pleased to announce the new version of the ETSI Guide EG 203 499, developed by experts from the Human Factors Technical Committee. The guide aims to further simplify end-user access to ICT devices, services and applications by providing recommended terms for basic and commonly used ICT-related objects and activities, notably the terms that end users are commonly exposed to.

Read More...

ETSI eSignature testing event helps industry to comply with EU regulation

Sophia Antipolis, 22 July 2022

With the eIDAS Regulation, European Union Member States have put in place the necessary technical means to process electronically signed documents that are required when using an online service offered by, or on behalf of, a public sector body. In order to ensure that the cross-border dimension works in practice, testing needs to be done to mutually check Member States’ signatures against their existing digital signature validation applications.

Read More...

ETSI publishes a new White Paper on Multi-access Edge Computing security

Sophia Antipolis, 28 September 2022

Members from the ETSI Multi-Access Edge Computing group (ISG MEC) have just published a new white paper, “MEC security; Status of standards support and future evolutions".

Read More...

ETSI workshop: improving Quality of Emerging Services for Speech and Audio

Sophia Antipolis, 23 November 2022

The ETSI STQ (Speech and multimedia Transmission Quality) Workshop that took place on 21-22 November 2022 in Bratislava (Slovakia) was hosted by Amazon. It focused on a user-centred perspective of the Quality of Emerging Services for Speech and Audio.

The event was attended by organizations providing a rich mix of inputs and perspectives from industry, regulators, and academia. Through presentations, discussions and professional networking, this STQ Workshop demonstrated a very high level of engagement by all participants, with stimulating interaction among all speakers and the audience.

Read More...

New ETSI Telemetry Standard Improves Automation for better End-User Quality of Experience

Sophia Antipolis, 28 November 2022

As the scale and services offered through the Optical Access Networks increase, it is crucial to maintain network good operation and performance. To achieve this, the Optical Access Network monitoring can be improved when compared to existing traditional methods via automated real-time data collection. Telemetry enables this and transmits data from the optical line terminal (OLT) - i.e., the device at the endpoint of a passive optical network - in real-time to provide information to the data collection platform.

Read More...

Leading to more effective and fruitful cross organization collaboration

Sophia Antipolis, 14 February 2023

In the last three months, ETSI ISG MEC has released its final Phase 2 specification (GS MEC 015, on Traffic Management APIs) and made significant progress on Phase 3 with the release of a number of important specifications, including the MEC Federation Enablement APIs (GS MEC 040): in particular, this specification is critical for supporting the requirements received from GSMA OPG (Operator Platform Group) to enable inter-MEC system communication and allow 5G operators to collaborate among themselves, with service cloud providers and with other stakeholders. 

Read More...

The implementation of Telecom Infra Project (TIP) Open Optical & Packet Transport (OOPT) Mandatory Use Case Requirements for SDN for Transport (MUST) in ETSI TeraFlowSDN cloud native SDN Controller will make it possible to accelerate network innovation in packet-optical networks.

Sophia Antipolis, 22 February 2023

The ETSI TeraFlowSDN community has announced their commitment to the implementation of TIP’s Mandatory Use Case Requirements for SDN for Transport (MUST) Requirements in their innovative cloud native SDN Controller. This will position TeraFlowSDN as a reference implementation in the Telecom Infra Project Open Optical & Packet Transport group (TIP OOPT). This move will also make it possible to accelerate the adoption of SDN standards for IP/MPLS, Optical and Microwave transport technologies, which is one of the main objectives of MUST.

Read More...

Sophia Antipolis, 20 September 2023

ETSI has published a new standard on “Requirements for trust service providers issuing publicly trusted S/MIME certificates” (ETSI TS 119 411-6 ) helping Trust Service Providers comply with new standards for S/MIME certificates that are enforced since 1 September 2023. Secure MIME (S/MIME) certificates are used to sign, verify, encrypt, and decrypt email messages. 

Read More...

Sophia Antipolis, 15 April 2024

ETSI Multi-access Edge Computing completed Phase 3 Work and started Phase 4

Leading to more effective and fruitful cross organization collaboration

In the last three months, ETSI ISG MEC has released its final set of Phase 3 specifications and made significant progress on Phase 4 with the opening of new Work Items. In particular, the last Phase 3 version of MEC 011 (Edge Platform Application Enablement) contains the updates related to the latest alignment with 3GPP on CAPIF, thanks to a fruitful collaboration with SA6, CT3 and SA3 groups. Also, ISG MEC produced an updated version of MEC 040 (Federation Enablement APIs), that carefully considered the relevant work of other industry bodies relating to MEC federation and all relevant work done in ETSI. This work is critical for supporting the requirements from GSMA OPG (Operator Platform Group) to enable inter-MEC system communication and allow 5G operators to collaborate among themselves, with service cloud providers and with other stakeholders. New APIs are introduced for the enablement of MEC federation, helping operators to "federate" edge computing resources by offering their MEC service capabilities for mutual consumption, application developers and end-customers (e.g. vertical markets).

Read More...

Sophia Antipolis, 8 October 2024

ETSI announces the completion of its Release 3 specifications on Fifth Generation Advanced Fixed Network (F5G-A). Building on the achievements of the Release 1 and Release 2, the ETSI ISG F5G has specified a series of new features and capabilities, further elevating fixed fiber networks to a new level:

• Specification of F5G Advanced
  ETSI ISG F5G unveiled the "F5G Advanced Generation Definition", which not only further enhances existing three foundational features of F5G-Enhanced Fixed Broadband (eFBB), Full Fiber Connectivity (FFC), and Guaranteed Reliable Experience (GRE), but also introduces three new key features: Real-time Resilient Link (RRL), Optical Sensing and Visualization (OSV), and Green Agile Optical network (GAO).

Read More...

Starts: Fri, 22 Nov 2024 19:00:00 -0500
11/22/2024 05:00:00PM
Location: Montreal, Canada

Starts: Sat, 07 Dec 2024 13:30:00 -0500
12/07/2024 11:30:00AM
Location: Los Angeles, U. S. A.

Starts: Wed, 11 Dec 2024 19:00:00 -0500
12/11/2024 05:00:00PM
Location: Vancouver, Canada

This document is only available in PDF format.

This document is only available as a PDF.

This document is only available as a PDF.

Job Summary: The International Food Policy Research Institute (IFPRI) seeks a qualified candidate to serve as Manager of Administration & Corporate Services for a one-year, renewable appointment in the Finance and Administration Division. The Manager of Administration & Corporate Services AFR is responsible for the overall coordination of administrative matters between IFPRI's headquarters in Washington DC and the IFPRI regional and country/project offices in Africa. The position provides management and operational support to IFPRI regional and country/project offices in Africa including related administrative aspects of current and new corporate partnerships in Africa. This position is based in Dakar, Senegal.  Essential Duties: Specific Duties include but are not limited to: Lead finance and administration functions of the Dakar office, providing operational support and oversight of day-to-day office activities.  Provide management support and oversight of the financial and administrative operations of IFPRI Regional and country/project offices in Africa, including functions such as budgeting, contracts and grants, human resources, facilities and IT management. Work closely with key administrative departments at IFPRI headquarters for accounting, human resources, computer services and facilities/office services, in the development of and roll-out of IFPRI-wide policy and procedure changes, providing guidance and training as needed to regional and country offices to ensure that the quality of operational support meets IFPRI operations standards. Regular analysis of operations capacity of IFPRI offices in Africa, identifying and making recommendations regarding opportunities for improvement in IFPRI’s administrative operations and processes, and undertaking new initiatives as agreed. Build strong relationships with Country Office Heads and Country Administrative and Finance Managers, providing advice, guidance, and support in all areas of operations and ensuring compliance with IFPRI policies and procedures. Financial reporting oversight for IFPRI regional and country offices in Africa, and supervision and management of the Hub Finance and Administration unit team, ensuring compliance with IFPRI and donor standards, policies and procedures and processes. Participation in the formulation of annual budgets and capital plans for IFPRI offices in Africa. Provide management oversight to ensure that proper financial controls are in place and processes are compliant with correct accounting procedures, providing strategic direction in developing options for addressing any weaknesses. Monitor projects in African locations on an as required basis. Facilitate decision-making on human resource (HR) matters relating to IFPRI offices in Africa (policies and procedures, labor law compliance, staffing, recruitment, conflict resolution, etc.) Work to build the capacity of finance, administrative staff members throughout IFPRI offices in Africa through regular training sessions and mentoring support. Contribute to the internal and external audit preparations for IFPRI offices in Africa and provide support on the implementation of audit recommendations and actions. Required Qualifications: Bachelor’s degree plus twelve years of relevant professional experience or Master’s degree plus ten years of relevant experience.  Minimum of four years management experience. Excellent verbal, written and interpersonal skills. Strong customer service skills. Ability to work effectively with all levels of organizations, including regional partners and donors. Ability to work autonomously, yet keep others informed. Ability to work in a multicultural setting. Excellent attention to details. Fluency in French is highly preferred.  ​Physical Demand & Work environment: Employee will sit in an upright position for a long period of time with little opportunity to move/stretch Employee will lift between 0-10 pounds Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

The Development Strategies and Governance (DSG) Unit within the Transformation Strategies Department of the International Food Policy Research Institute (IFPRI) seeks a Research Unit Contracts & Grants Manager I, who will be responsible for financial management which includes budgetary responsibilities, cost monitoring and control, and financial analysis and reporting, contracts administration which includes proposal preparation and submission and the administration of the Unit’s special projects. Other responsibilities include supervising Unit Admin Support staff, serving as liaison with finance and administration as well as the Director General’s office; drafting correspondence for the Unit director and communication with external contacts (donors, clients, collaborators, sub-contractors and auditors); and service as active member on various standing and ad-hoc committees, as well as work with Project Managers in management of budgets, contracts, deliverables, invoices and other payment documents. This position is a 2-year, renewable appointment based in Washington, DC.   Essential Duties: Specific duties and responsibilities include but are not limited to: Providing technical support in proposal preparation, reviewing contracts to ensure they reflect the provisions negotiated, and monitoring performance of contracts and submission of specified deliverables.  Drafting, negotiating and monitoring consultant collaborative agreements, serve as liaison between program collaborators and finance/administrative issues, review monthly financial reports, and provide financial analysis reports on projects.  Preparing the divisional budgets and monitoring expense budgets Coordinating the drafting of project/program budgets; review of accounting transactions.  Developing spreadsheets & maintaining financial information for planning & reference. Drafting routine correspondence regarding contracts or project/program finances. Assisting in financial audits Coordinating financial and operational activities for field offices Ensuring the smooth operation of the program’s day-to-day activities; coordinate seminars and workshops, manage logistical arrangements on seminars/workshops. Liaising with IFPRI HR Services, Facilities and IT department for related issues and needs. Preparing administrative and operational procedures for the division and approves timesheets Maintaining division files Supervising administrative support staff Other tasks as assigned. Required Qualifications:  Bachelor’s degree plus ten years of relevant experience, or associate’s degree plus twelve years of relevant experience.   Two year of management experience Experience in developing, monitoring and managing budgets and contracts. Experience in coordinating budget processes, reviewing accounting transactions, developing financial projections and reports. Solid composition, grammar and proof-reading skills, with the ability to compose correspondence and reports; excellent written and oral English communications skills. Proficient in Microsoft Office; word processing & spreadsheet programs required. Ability to handle multiple tasks & prioritize tasks with minimal supervision in a fast-paced environment. Demonstrated experience and comfort working with multiple program managers simultaneously.  Ability to prioritize and coordinate tasks in such an environment. Demonstrated flexibility to adjust to multiple individual work styles.  Attention to detail and ability to work within a team in a multicultural environment.   Preferred Qualifications: Familiarity with IFPRI’s operational systems (finance, accounting, etc.) and the CGIAR system is highly desirable.  Proficiency in a second language of the U.N. system Demonstrated proficiency with MS Office, especially Microsoft Word, Outlook, Excel, and PowerPoint required, and demonstrated proficiency with financial management and administrative software applications such as Costpoint, OnBase, Deltek, and/or other applications. Physical Demand & Work environment: Employee will sit in an upright position for a long period of time  Employee will lift between 0-10 pounds.  Employee is required to have close visual acuity to perform activities such as: preparing and analyzing data and figures; transcribing; viewing computer terminal; extensive reading. Salary Range: The expected salary range for this job requisition is between $85,600- $104,900. In determining your salary, we will consider your experience and other job-related factors.  Benefits: IFPRI is committed to providing our staff members with valuable and competitive benefits, as it is a core part of providing a strong overall employee experience. This position is eligible for health insurance coverage and a summary of our benefits can be found on our website. Please note that the listed benefits are generally available to active, non-temporary, full-time and part-time US-based employees who work at least 25 hours per week. The International Food Policy Research Institute (IFPRI) is an equal employment opportunity employer - F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Assessing social media impact was one of the workshop sessions at November’s SpotOn London conference,

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

Post by @GossiTheDog@cyberplace.social

View on Mastodon

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
• FortiGuard Labs PSIRT FG-IR-24-423 Advisory

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

A twitter TeachIn about marine protected areas, hosted by @RJ_Dunlap on 4/8/2013

Selected responses categorized into 'helped', 'helped and harmed' and 'harmed'.

James King is a geomorphologist interested in exploring the processes that govern sediment transport and

TORONTO – The Ontario Securities Commission (OSC) today

TORONTO – The Canadian Securities Administrators (CSA) today published