Summary: Fortinet warns that threat actors are maintaining persistent access to FortiOS and FortiProxy devices due to known vulnerabilities, while a zero-day exploit for FortiGate firewalls is reportedly being sold on a dark web forum. This exploit could enable remote execution of arbitrary code without authentication, compromising sensitive configurations and data. Administrators are urged to update their systems to mitigate these risks and patch existing vulnerabilities.
Affected: Fortinet FortiGate firewalls and FortiOS/FortiProxy devices
Keypoints:
- Threat actor claims zero-day exploit in Fortinet's FortiGate firewalls could allow unauthorized remote access.
- Exploit may provide full control over the device, enabling extraction of sensitive information like credentials and firewall policies.
- Fortinet advises updating to recent FortiOS versions to remove vulnerabilities and prevent exploitation.
- Vulnerabilities CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 have been exploited globally for unauthorized access.
- Mitigations have been deployed, including an AV/IPS signature and software modifications to detect and clean malicious links.
Source: https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/