Announcement

Collapse
No announcement yet.

Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities

    Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet RCE vulnerabilities within FortiOS and FortiGate products. This malicious file could enable read-only access to files on the devices’ file system, which may include configurations.

    See the following resource for more information:
    CISA encourages administrators to review Fortinet’s advisory and:
    • Upgrade to FortiOS versions 7.6.2, 7.4.7, 7.2.11, 7.0.17, 6.4.16 to remove the malicious file and prevent re-compromise.
    • Review the configuration of all in-scope devices.
    • Reset potentially exposed credentials.
    • As a work-around mitigation until the patch is applied, consider disabling SSL-VPN functionality, as exploitation of the file requires the SSL-VPN to be enabled.

    Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.

    For more mitigation information: Recommended steps to execute in case of a... - Fortinet Community.





    Click here to view the article.
Working...
X