The Fortinet vulnerability in FortiOS and FortiProxy products has raised significant concerns for Australian businesses, organizations, and government entities. The Australian Cyber Security Centre (ACSC) has issued an alert highlighting the critical nature of this vulnerability, which has already been actively exploited in the wild.
The vulnerability identified by Fortinet allows unauthenticated remote attackers to gain “super-admin” privileges through an alternate path or channel vulnerability (CWE-288). This exploit has led to various post-exploitation activities by threat actors, including creating admin accounts, adding local users, adjusting device configurations, and establishing VPN tunnels into internal networks.
Fortinet has provided detailed indicators of compromise (IOCs) and IP addresses associated with the threat actors, enabling organizations to identify and investigate suspicious activities. The affected versions of Fortinet products include FortiOS 7.0 (up to version 7.0.16) and FortiProxy 7.0 (up to version 7.0.19), among others.
To mitigate the risks associated with this vulnerability, the ACSC recommends immediate action by organizations. This includes upgrading affected systems to secure versions, investigating for potential compromise, monitoring network activity for suspicious behavior, and following Fortinet’s published advice for additional technical details and guidance. It is crucial for organizations to stay updated on the latest advisories from Fortinet and the ACSC and enhance security measures to protect their systems.
The technical background of the Fortinet vulnerability involves an authentication bypass using an alternate path or channel vulnerability (CWE-288). Attackers can exploit this flaw to gain unauthorized access, modify device configurations, and potentially move laterally within the network, posing severe risks to organizational data and operational integrity.
Given the critical nature of this vulnerability and the widespread use of Fortinet products in securing enterprise and government networks, organizations must act promptly to upgrade vulnerable devices and investigate any signs of compromise. Using Fortinet’s official upgrade tool can simplify the upgrade process, while staying updated on advisories and enhancing security measures are essential steps in safeguarding network infrastructure.
If organizations suspect their systems have been compromised, they are urged to report the issue immediately to the ACSC or their cybersecurity team. Protecting systems from this Fortinet vulnerability is crucial for ensuring the security of organizational data and operations. Taking proactive measures now can help prevent potential breaches and unauthorized access to sensitive information.