Zero-Day Flaw Exposed in Fortinet FortiGate Firewalls
A series of recent attacks on Fortinet FortiGate firewalls is likely attributable to a zero-day flaw. The attacks target devices whose management interfaces are exposed on the public Internet, allowing attackers to make unauthorized administrative logins, create new accounts, and perform SSL VPN authentication.
Researchers Identify Campaign
Researchers at Arctic Wolf have been tracking the campaign since they first noticed suspicious activity on FortiGate devices in early December. The researchers revealed their findings in a post, highlighting the vulnerability in Fortinet devices.
Vulnerability and Attack Vector
Fortinet devices are a popular target for threat actors, with vulnerabilities found in the products widely exploited to breach networks. To protect against attack, organizations should never expose Fortinet device management interfaces on the public Internet, regardless of the product specifics. Instead, access to these interfaces should be limited to trusted internal users.
Expanding Attack Surface
Leaving such interfaces open on the public internet expands the attack surface available to threat actors and gives them the opportunity to find vulnerabilities that expose features meant to be limited to trusted administrators. This highlights the importance of securing management interfaces and limiting access to trusted internal users.
Best Practices for Fortinet Devices
Administrators should follow the common best practice of regularly updating firmware on the devices to patch any flaws or other security issues. Additionally, organizations should ensure that syslog monitoring is configured for all of their firewall devices to increase the likelihood of catching malicious activity early.
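As an added example (not code from the article, Arctic Wolf or Fortinet), this is the kind of check such syslog monitoring could run: it parses constructed FortiGate-style key=value log lines and flags the three behaviours the article describes, administrative logins from outside trusted ranges, new administrator accounts, and SSL VPN logins by those newly created accounts. The field names (logdesc, ui, remip, cfgpath, cfgobj), the sample lines and the trusted ranges are assumptions.

```python
import ipaddress
import re

# Constructed sample FortiGate-style event logs (not from the article); field names are assumptions.
SAMPLE_LOGS = [
    'date=2024-12-02 time=03:14:07 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(203.0.113.45)" action="login" status="success"',
    'date=2024-12-02 time=03:15:12 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.45)" action="Add" cfgpath="system.admin" cfgobj="svc_backup"',
    'date=2024-12-02 time=03:20:33 type="event" subtype="vpn" logdesc="SSL VPN login" user="svc_backup" remip=198.51.100.7 action="ssl-login" status="success"',
    'date=2024-12-02 time=09:00:01 type="event" subtype="system" logdesc="Admin login successful" user="netops" ui="ssh(10.0.5.12)" action="login" status="success"',
]
# Assumed trusted internal ranges from which administrative access is expected.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fortigate_line(line):
    """Split a key=value / key="value" log line into a dict of fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def source_ip(fields):
    # Client address from ui="https(1.2.3.4)" or remip=1.2.3.4, else None.
    m = re.search(r"\(([^)]+)\)", fields.get("ui", ""))
    return m.group(1) if m else fields.get("remip")

def is_trusted(ip):
    """True only when ip parses and falls inside an assumed trusted range."""
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)

def detect_findings(lines):
    """Flag the three behaviours the article describes, correlating across lines."""
    findings, new_admins = [], set()
    for line in lines:
        f = parse_fortigate_line(line)
        ip = source_ip(f)
        # 1. Successful administrative login from outside the trusted ranges.
        if f.get("logdesc") == "Admin login successful" and not is_trusted(ip):
            findings.append(("ADMIN_LOGIN_UNTRUSTED_IP", f.get("user"), ip))
        # 2. A new administrator object added to the configuration.
        if f.get("cfgpath") == "system.admin" and f.get("action") == "Add":
            new_admins.add(f.get("cfgobj"))
            findings.append(("ADMIN_ACCOUNT_CREATED", f.get("cfgobj"), ip))
        # 3. SSL VPN authentication by an account created earlier in this window.
        if f.get("subtype") == "vpn" and f.get("status") == "success" and f.get("user") in new_admins:
            findings.append(("SSLVPN_LOGIN_NEW_ACCOUNT", f.get("user"), ip))
    return findings
```

Running `detect_findings(SAMPLE_LOGS)` yields three findings for the first three lines and none for the SSH login from the trusted 10.0.5.12 address.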
Conclusion
The recent attacks on Fortinet FortiGate firewalls serve as a reminder of the importance of securing management interfaces and limiting access to trusted internal users. By following best practices and staying up-to-date with the latest security patches, organizations can reduce the risk of attack and protect their networks.