web analytics

Fortinet Edge Devices Under Attack – Again – Source: www.databreachtoday.com

fortinet-edge-devices-under-attack-–-again-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author:

Governance & Risk Management , Patch Management , Vulnerability Assessment & Penetration Testing (VA/PT)

Hackers May Have Reverse-Engineered February Patch David Perera (@daveperera) • October 16, 2024    

Fortinet Edge Devices Under Attack - Again
Image: Shutterstock

Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation.

See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare

At least one security researcher says Fortinet also faces the prospect of another zero-day vulnerability that hasn’t yet been codified through the Common Vulnerabilities and Exposures system.

The Silicon Valley firewall and VPN maker is among the crowd of edge device makers that have seen nation-state hacker attention skyrocket over the past two years. A Chinese cyberespionage campaign targeting FortiGate security appliances spotted by the Dutch National Cyber Security Center in February proved to be “much larger than previously known,” the agency warned in June.

The U.S. federal advisory, transmitted Oct. 9 by the Cybersecurity and Infrastructure Security Agency, said hackers are actively exploiting, CVE-2024-23113. The flaw allows attackers to convey a specially formatted string that crashes the bespoke Linux operating system powering Fortinet devices. Hackers can include in the string instructions for adding a user or pushing configuration updates.

Fortinet in February patched the flaw, which is rated 9.8 on the CVSS scale of 10, making its application critical. Internet scans by the Shadowserver Foundation show roughly 88,000 vulnerable instances worldwide.

Some security researchers say it appears the February patch didn’t fully squash the bug.

“What I strongly suspect happened is Fortinet patched it, they didn’t rigorously test the entire function, and then someone – most likely a nation-state actor – discovered they could use a lightly modified attack to exploit the same flaw,” said Bobby Kuzma, director of offensive cyber operations at ProCircular.

Indicators pointing that direction include the sudden disappearance over the past week from GitHub of proof-of-concept repositories for CVE-2024-23113 exploits – evidence of concern by cybersecurity specialists over the flaw, Kuzma told Information Security Media Group.

Fortinet also advised customers over the weekend to update their firewall rules, suggesting an attack based on a specific string pattern or from a very limited set of IP addresses, he added. ISMG has not seen the advisory, which one systems administrator described as carrying “TLP:AMBER+STRICT” disclosure limits.

The advisory is evidence of a separate vulnerability from CVE-2024-23113, asserted security researcher Kevin Beaumont on Wednesday.

If Beaumont is correct – and Fortinet did not return multiple attempts for comment – the zero-day would be the latest in a series of vulnerabilities rated critical or high that Fortinet customers have had to mitigate this year. Of the 27 CVEs Fortinet has recorded so far this year, nearly four out of 10 rate at least a 7 on the CVSS scale, including a February zero-day exploited in the wild.

Edge device and network infrastructure vulnerabilities tend to rate high in metrics of cybersecurity urgency, WithSecure found in June. The number of edge device and infrastructure flaws that CISA warns are actively exploited has also appreciably risen this year compared to the last, the cybersecurity company said.

Unlike endpoint devices, edge devices aren’t put on a regular tempo of patch updates, Kuzma said. But they’re not necessarily hard to exploit. “Most of the appliances are literally Linux boxes with fancy cases. They’re standard Linux systems that have all of the power and capability and familiarity you get with that.”

Hackers have turned to edge devices as endpoints become harder to hack – and because they’re often not subject to rigorous detection and logging requirements. And once hackers find their way inside an edge device, most don’t have “any restriction on talking to the rest of the network environment,” Kuzma said.

Original Post url: https://www.databreachtoday.com/fortinet-edge-devices-under-attack-again-a-26545

Category & Tags: –

Views: 10

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CYZEA.IO
Enterprise Information Security
Enterprise Information Security
IGNITE Technologies
ENCRYPTED REVERSE
ENCRYPTED REVERSE
Federal Office for Information Security
El estado de la seguridad informática en Alemania en 2023
El estado de la seguridad...
Microsoft
GDPR & Generative AI
GDPR & Generative AI
European Union Agency for Fundamental Rights
GDPR IN PRACTICE
GDPR IN PRACTICE
FS.ISAC
Navigating Cyber
Navigating Cyber
KPMG
Fraud risk management
Fraud risk management
CYFIRMA
Fletchen Stealer
Fletchen Stealer
IGNITE Technologies
FILE TRANSFER CHEAT SHEET
FILE TRANSFER CHEAT SHEET
Securesee
CYBER CRISIS INVESTIGATION AND MANAGEMENT
CYBER CRISIS INVESTIGATION AND MANAGEMENT
ACN
Guidelines for secure AI system development
Guidelines for secure AI system...
Incibe
Ciberseguridad en Smart Toys
Ciberseguridad en Smart Toys

More Latest Published Posts

Kaspersky
Incident Response Playbook: Dark Web Breaches
Incident Response Playbook: Dark Web Breaches
ninjaOne
Endpoint Hardening Checklist
Endpoint Hardening Checklist
HADESS
Important Active Directory Attribute
Important Active Directory Attribute
ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos
INNOVERY
RESILIENCIA
RESILIENCIA
CEH
Certifications Preparation Guide
Certifications Preparation Guide
Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android Apps
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly report
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO INTRUDER
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for Cloud Risk Governance
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense