- Fortinet publishes an advisory urging users to apply the available patch
- Security researchers warn that the bug is being exploited en masse
- CISA added the flaw to its KEV catalog
A zero-day vulnerability in firewalls made by Fortinet is being exploited en masse to breach corporate networks and possibly deploy ransomware, the company confirmed, with its findings supported by several cybersecurity researchers.
The company recently published a security advisory detailing a critical vulnerability in FortiGate firewalls. Registered as CVE-2024-55591, this authentication bypass received a severity score of 9.8 and was said to affect FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19, and 7.2.0 to 7.2.12.
It was said that malicious actors can abuse the bug to gain super administrator privileges.
Mass exploitation
In the advisory, Fortinet said the bug was “being exploited in the wild” and took the opportunity to release a patch.
However, cybersecurity researchers at Arctic Wolf said the bug was already being exploited en masse as a zero-day, before the patch was available.
Speaking to TechCrunch, Arctic Wolf's principal threat intelligence researcher, Stefan Hostetler, said the company saw a cluster of intrusions affecting “dozens” of Fortinet devices, but added that it likely “only represents a limited sample compared to the actual total number” of affected endpoints. Unfortunately, no one could confirm even an estimated number of victims.
Investigators were also unable to attribute the attack to any particular threat actor. However, researcher Kevin Beaumont suggested that at least one of the threat actors is a ransomware operator. “They have a copy of an exploit and use it for initial access and transfer for lateral movement,” he said.
Yesterday, the US Cybersecurity and Infrastructure Security Agency (CISA) added four new vulnerabilities to its catalog of exploited flaws, including this FortiGate bug, meaning federal agencies have until February 4, 2025 to apply the patch or stop using FortiGate completely.