ACSC warns about critical, exploited Fortinet firewall vulnerability


Australia's official cybersecurity watchdogs are warning that a critical vulnerability affecting Fortinet firewalls is being actively exploited by threat actors.

The vulnerability allows a remote attacker to acquire "super-admin" privileges via specially crafted requests to the Node.js JavaScript runtime websocket module, Fortinet said in its security advisory.

Affected products include the FortiOS operating system and the FortiProxy utility.

FortiOS 7.0.0 to 7.0.16, along with FortiProxy 7.0.0 to 7.0.19 and 7.2.0 to 7.2.12, are affected by the vulnerability.

Users with vulnerable software versions should upgrade as soon as possible.

Users of the FortiOS 7.0 main branch should upgrade to 7.0.17 or later.

FortiProxy 7.0 users should upgrade to 7.0.20 or later, and 7.2 users should move to 7.2.13 or above, Fortinet said.
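
For administrators checking a fleet against those ranges, the following is an added example (not Fortinet's or the publication's code) that triages a device inventory using only the version numbers quoted above. The CSV layout, hostnames and sample versions are constructed for illustration, and release branches the article does not mention are reported as "not-listed" rather than assumed safe.

```python
import csv
import io
import re

# Affected ranges and upgrade targets exactly as listed in the article:
# (product, first affected, last affected, minimum fixed release)
AFFECTED = [
    ("fortios",    (7, 0, 0), (7, 0, 16), (7, 0, 17)),
    ("fortiproxy", (7, 0, 0), (7, 0, 19), (7, 0, 20)),
    ("fortiproxy", (7, 2, 0), (7, 2, 12), (7, 2, 13)),
]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,product,version
fw-edge-01,FortiOS,v7.0.14
fw-edge-02,FortiOS,7.0.17
proxy-01,FortiProxy,7.2.12
proxy-02,FortiProxy,7.0.20
fw-lab-01,FortiOS,7.4.2
"""

def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v7.0.14' or '7.2.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(product, version_text):
    """Classify one device as 'affected', 'fixed' or 'not-listed'."""
    product = product.strip().lower()
    ver = parse_version(version_text)
    for name, first, last, fixed in AFFECTED:
        if name != product or ver[:2] != first[:2]:
            continue  # different product or different release branch
        if first <= ver <= last:
            return "affected", ".".join(map(str, fixed))
        return "fixed", None  # same branch, at or above the upgrade target
    return "not-listed", None  # branch not covered by the article

def triage_inventory(csv_text):
    """Return (host, status, upgrade_target) for every row of the inventory."""
    return [(r["host"], *triage(r["product"], r["version"]))
            for r in csv.DictReader(io.StringIO(csv_text))]

if __name__ == "__main__":
    for host, status, target in triage_inventory(SAMPLE):
        print(host, status, f"-> upgrade to {target} or later" if target else "")
```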

Meanwhile, security researcher Kevin Beaumont covered a separate security breach involving Fortinet firewalls, which saw hackers release configuration files from just over 15,000 unique devices.

Beaumont said he has confirmed the data dump is real as the devices listed in it can be found via the Shodan.io vulnerability scanner and share the same unique serial numbers.

The data dump contains user names, passwords (some in plain text), device management digital certificates, and all firewall rules, Beaumont said.

A mitigating factor is that the data was assembled in 2022 and is likely to be years old.

However, Beaumont said that "even if you patched back in 2022, you may still have been exploited as the configs were dumped years ago and only just released — you probably want to find out when you patched this vuln. Having a full device config including all firewall rules is… a lot of information."

Copyright © nextmedia Pty Ltd. All rights reserved.