FlagThis

A zero-day vulnerability in Fortinet firewalls is being actively exploited by attackers. The flaw allows attackers to compromise systems with exposed interfaces. There is a mass exploitation campaign against Fortinet firewalls that peaked in December 2024. Fortinet has released a patch (CVE-2024-55591). It is suspected that the attackers may have been exploiting a zero-day vulnerability before the patch was released. Organizations using Fortinet firewalls are strongly advised to apply the patch as soon as possible.

ImgSrc: arcticwolf.com

References:

• Arctic Wolf - Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - 2d
• @screaminggoat - Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. - 2d
• arcticwolf.com - Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - 1d
• ciso2ciso.com - Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used – Source: go.theregister.com - 15h
• The Hacker News - Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces - 15h
• CISO2CISO.COM & CYBER SECURITY GROUP - Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used – Source: go.theregister.com - 4h
• www.helpnetsecurity.com - Fortinet firewall zero-day exploited by attackers since November, patch is finally out - 4h

Classification:

• HashTags: Fortinet ZeroDay Firewall
• Company: Fortinet
• Target: Fortinet Firewall users
• Product: FortiGate
• Feature: Zero-day Exploit
• Type: 0Day
• Severity: Major