Fortinet Fiasco: Hackers Outsmart Patches, Keep Sneaky Access!
Fortinet has disclosed that attackers are keeping read-only access to FortiGate devices even after patching. They’ve cleverly used symbolic links to stick around, evading detection. While Fortinet rolls out updates, the U.S. Cybersecurity and Infrastructure Security Agency urges users to reset credentials and consider disabling SSL-VPN until patches are applied.
Hot Take:
Fortinet’s latest cybersecurity pickle is like a game of whack-a-mole, but the moles are Internet trolls with a penchant for read-only access. They’re sticking around even after the initial party’s over, proving once again that when it comes to cyber threats, you can patch the hole but you can’t always keep the pests out. It’s a classic case of ‘I came, I saw, I left a symlink.’
Key Points:
- Threat actors are maintaining read-only access to FortiGate devices even after vulnerabilities are patched.
- Exploited vulnerabilities include CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
- A symbolic link technique was used to maintain access, evading detection.
- Fortinet released updates to FortiOS to mitigate this issue.
- CISA and CERT-FR have issued advisories for further protective measures.
Already a member? Log in here