Fortinet reports a serious vulnerability in its FortiGate firewalls. A patch is available, but that may already be too late for many companies.
Security vendor Fortinet has shared a bulletin detailing vulnerabilities in FortiOS and FortiProxy, the software running on the company’s FortiGate firewalls. These are currently under active attack by attackers. The vulnerability allows attackers to bypass authentication and remotely grant themselves superadmin privileges in order to wander freely around the corporate network.
read also
Fighting with equal weapons: how AI can help devise a more efficient SecOps strategy?
Fortinet warns that the vulnerability is currently being actively exploited and asks customers to update as soon as possible. That advice is echoed by U.S. cybersecurity agency CISA. With a CVSS score of 9.6 on a scale of 10, the vulnerability is labeled “critical.
In the bulletin, Fortinet lists the affected versions of FortiOS and FortiProxy. FortiOS 7.0 to 7.0.16 are affected and should be updated to version 7.0.17 or newer. For FortiProxy, versions 7.0 to 7.0.19 and 7.2 to 7.2.12 are vulnerable. Again, upgrading to a secure version is the message to keep FortiGate ports allowed.
Band-aid on the wound
The patch may come too late this time. Security firm Arctic Wolf noticed a spike in “suspicious activity” around FortiGate firewalls in December. At that time, the vulnerability was still a zero-day not on Fortinet’s radar. How many companies might have been affected during that period is unknown. Further research is needed to estimate the impact of the vulnerability, Arctic Wolf concludes his previous analysis.
In addition to installing firmware updates, FortiGate users are urged to search logs for signs of abuse and block management interfaces on the public Internet connection. Arctic Wolf Labs emphasizes that such interfaces should only be accessible to internal users. Misconfigurations that allow external access significantly increase the attack surface and risk of misuse.
read also
Hackers demolish FortiGate firewalls: Fortinet warns of ‘active misuse’
Like any security specialist, Fortinet regularly encounters vulnerabilities of its own. Above all, it shows that no single tool can provide complete protection, especially a firewall. Those without additional defenses are a bird for the cat once attackers get past the firewall.