A critical path traversal vulnerability in Fortinet FortiWeb is actively exploited to create unauthorized administrative users without authentication. Users are advised to update to version 8.0.2, check for suspicious activity, and restrict access to management interfaces. #FortiWebVulnerability #PathTraversal #FortinetExploit
Keypoints
- The vulnerability affects FortiWeb versions 8.0.1 and earlier.
- Threat actors use HTTP POST requests to exploit a specific API path.
- Multiple IP addresses have been involved in the recent attacks.
- Security firms have released tools to identify and exploit this flaw.
- Organizations should restrict interface access and monitor logs for suspicious activity.