On June 9, 2023, Fortinet silently patched a purported critical remote code execution (RCE) vulnerability in FortiGate SSL VPN firewalls. According to Lexfo Security’s Charles Fol, who discovered the vulnerability, the flaw is heap-based and reachable pre-authentication. According to reports, security fixes were released on Friday in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5.

Fortinet published an advisory for CVE-2023-27997 on June 13, 2023. The company has a history of issuing security patches prior to disclosing critical vulnerabilities. Presumably, this policy is meant to give customers time to update their devices before threat actors exploit flaws, but in practice, it gives attackers a head start on attack development while keeping vulnerable organizations in the dark.

Fortinet device vulnerabilities are historically popular with attackers of all skill levels, though exploitability varies on a vuln-by-vuln basis. A government security bulletin released recently highlighted state-sponsored threat actors gaining access to networks via FortiGate devices. Fortinet vulnerabilities are also popular with initial access broker groups that sell access to potential victims’ networks to ransomware groups.

According to an update to the advisory, Fortinet is now aware of instances where this vulnerability has been exploited to download the config file from the targeted devices, and to add a malicious super_admin account called fortigate-tech-support:

    # show system admin
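A check built on the indicator quoted above, as an added example that is not from the original page or from Fortinet: it parses saved `show system admin` output and returns accounts that are named fortigate-tech-support or that hold the super_admin profile without being on an approved list. The sample output, the approved list and the function names are constructed for illustration.

```python
import re

KNOWN_BAD = {"fortigate-tech-support"}  # account name from the advisory update
# Constructed sample of `show system admin` output (not from a real device).
SAMPLE = """FGT # show system admin
config system admin
    edit "admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "fortigate-tech-support"
        set accprofile "super_admin"
    next
    edit "netops2"
        set accprofile "super_admin"
    next
    edit "auditor"
        set accprofile "prof_admin"
    next
end
"""

def parse_admins(text):
    """Return {name: {setting: value}} for each entry under config system admin."""
    admins, name, depth, in_admin = {}, None, 0, False
    for line in map(str.strip, text.splitlines()):
        if not in_admin:
            in_admin = line == "config system admin"
        elif line.startswith("config "):
            depth += 1                      # nested table inside an admin entry
        elif line == "end":
            if depth == 0:
                break                       # end of the admin table
            depth -= 1
        elif depth == 0 and (m := re.match(r'edit\s+"?([^"]+)"?$', line)):
            name = m.group(1)
            admins[name] = {}
        elif depth == 0 and name and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            admins[name][key] = value.strip('"')
    return admins

def audit_admins(text, approved):
    """Names matching the advisory indicator or holding super_admin unapproved."""
    return [n for n, cfg in parse_admins(text).items()
            if n in KNOWN_BAD
            or (cfg.get("accprofile") == "super_admin" and n not in approved)]
```

Calling `audit_admins(SAMPLE, approved={"admin"})` flags fortigate-tech-support and netops2. The nested `edit 1` inside the dashboard table is not mistaken for an admin account.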