FortiJump Fiasco: New Vulnerability Takes Security to New Lows!

FortiJump Higher, a new vulnerability discovered in FortiManager, defies Fortinet’s patching efforts. Researchers claim Fortinet patched the wrong code, leaving systems vulnerable. Threat actors are likely exploiting both FortiJump and FortiJump Higher, posing a significant security risk. Fortinet has been informed, but the vulnerability remains unaddressed in patched versions.

Hot Take:

Looks like Fortinet’s security patch is about as effective as a screen door on a submarine! With FortiJump Higher, they’ve managed to give hackers a VIP pass to their entire network. Bravo, Fortinet!

Key Points:

  • watchTowr discovered a new vulnerability, dubbed “FortiJump Higher,” in FortiManager.
  • The supposed patch from Fortinet is reportedly ineffective for all exploit methods.
  • Adversaries can escalate privileges from a managed FortiGate appliance to the central FortiManager appliance.
  • watchTowr claims the low complexity of these vulnerabilities calls into question the overall quality of the FortiManager codebase.
  • Fortinet has been informed of these new findings, but no public response has yet been made.

The Nimble Nerd