Fortinet Edge Devices Face Cyber Attacks
Recently, there have been reports of hackers potentially bypassing a patch for Fortinet gateway devices, prompting a warning from the U.S. federal government about active exploitation. This issue highlights the importance of governance and risk management, patch management, and vulnerability assessment and penetration testing (VA/PT) in cybersecurity.
It has been suggested that there may be another zero-day vulnerability in Fortinet devices that has not yet been officially identified. This raises concerns about the security of these devices, especially given the increased attention from nation-state hackers in recent years. For example, a Chinese cyberespionage campaign targeting FortiGate security appliances earlier this year was found to be much larger than previously thought.
The specific vulnerability, CVE-2024-23113, allows attackers to crash the Linux operating system on Fortinet devices by sending a specially formatted string. Despite a patch being released in February, there are indications that the flaw may not have been fully resolved, potentially leaving devices vulnerable to exploitation.
Security experts have noted the sudden removal of proof-of-concept repositories for exploits targeting CVE-2024-23113 from GitHub, indicating ongoing concerns about the vulnerability. Fortinet has advised customers to update their firewall rules to protect against potential attacks, suggesting that the issue may be more widespread than initially thought.
In addition to CVE-2024-23113, there are concerns about another undisclosed vulnerability in Fortinet devices, according to security researcher Kevin Beaumont. If confirmed, this would add to the list of critical vulnerabilities that customers have had to address this year, further highlighting the need for robust cybersecurity measures.
Edge devices, like those manufactured by Fortinet, are increasingly targeted by hackers due to their critical role in network infrastructure. Unlike endpoint devices, edge devices may not receive regular patch updates, making them attractive targets for attackers. Once compromised, these devices can serve as a gateway to the rest of the network, posing significant risks to organizations.
In conclusion, the recent cyber attacks targeting Fortinet edge devices serve as a reminder of the evolving threat landscape facing organizations. By prioritizing governance, risk management, and proactive security measures, businesses can better protect themselves against emerging threats and safeguard their critical assets.
