Over 16,000 Fortinet devices compromised with symlink backdoor

Summary: Over 16,000 Fortinet devices have been compromised through a symlink backdoor, allowing read-only access to sensitive files, as reported by The Shadowserver Foundation. The issue stems from previously patched vulnerabilities and has been linked to ongoing attacks since 2023. Fortinet has begun notifying affected users and has released updates to mitigate the threat.

Affected: Fortinet devices (specifically FortiGate)

Key points:

  • 16,620 devices were found compromised with a new symlink backdoor.
  • The backdoor grants ongoing read-only access to the device’s root filesystem.
  • Fortinet released updates to detect and remove the malicious link and advises users to reset credentials.

Source: https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/