Malicious hackers are exploiting a newly discovered vulnerability in Fortinet firewalls to break into corporate and enterprise networks, security researchers say.
In an advisory bulletin on Tuesday, security product maker Fortinet confirmed that a critically rated vulnerability in FortiGate firewalls, tracked as CVE-2024-55591, is “being exploited at large.”
Fortinet has made the patches available, but security researchers have warned that hackers have been widely exploiting the vulnerability as a zero-day — that is, before Fortinet became aware of the vulnerability and provided fixes — since December.
This is the latest example of hackers exploiting a vulnerability in a popular enterprise security product designed to protect corporate networks from hackers. News of the Fortinet bug arrived days after it was revealed that attackers are exploiting a separate zero-day vulnerability in Ivanti VPN servers, which allows access to customer networks.
Cybersecurity firm Arctic Wolf said in a blog post last week that its researchers observed a recent “mass exploit” campaign affecting Fortinet FortiGate firewall appliances with management interfaces exposed to the public internet.
Stefan Hostetler, principal researcher for threat intelligence at Arctic Wolf, confirmed to TechCrunch that this observed exploitation is related to the newly confirmed CVE-2024-55591 vulnerability in Fortinet firewalls.
Hostetler told TechCrunch that Arctic Wolf “observed a cluster of intrusions that affected Fortinet devices by the dozens,” but noted that this represents only a “limited sample compared to the actual total number of devices potentially affected.”
“Evidence indicates an attempt to exploit a large number of devices within a narrow period of time,” Hostetler added.
When contacted by TechCrunch, Fortinet spokeswoman Tiffany Corsi declined to say how many Fortinet customers were compromised as a result of this hacking campaign, but said the company is “proactively reaching out to customers.”
It is also unclear who is behind the attacks on Fortinet’s firewalls, but cybersecurity researcher Kevin Beaumont wrote on Mastodon that the vulnerability is “being exploited by a ransomware operator.”
Ransomware attacks exploiting the vulnerability are “not out of the question,” Hostetler said, noting that in previous research, Arctic Wolf noted “affiliates of ransomware groups like Akira and Fog use some of the same network providers to establish a VPN connection.”
In a summary statement on Tuesday, US cybersecurity agency CISA urged Fortinet customers to update any affected devices.
In September, Fortinet disclosed a hack involving customer data after an attacker accessed a “limited number of files” stored on an organization’s third-party shared cloud drive.