Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access

To bolster defenses, Fortinet has introduced enhanced security features in recent updates, including compile-time hardening, virtual patching, firmware integrity validation, and automated upgrade tools like Uninterrupted Cluster Upgrade and Automatic Patch Upgrades. Fortinet has uncovered a sophisticated post-exploitation technique used by a threat actor to maintain unauthorized access to FortiGate devices, even after initial vulnerabilities were patched. According to Fortinet’s findings, the threat actor exploited known vulnerabilities previously identified as FG-IR-22-398, FG-IR-23-097, and FG-IR-24-015—to gain access to FortiGate devices. The company emphasized the urgency of timely updates, citing its 2H 2023 Global Threat Landscape Report, which found that threat actors exploit known vulnerabilities within an average of 4.76 days of public disclosure. With over 40,000 vulnerabilities recorded in 2024, according to NIST data, Fortinet’s message is clear: staying vigilant and up to date is the best defense against today’s cyber threats. The discovery, detailed in a recent Fortinet investigation, highlights the persistent risks of unpatched systems and underscores the company’s commitment to responsible transparency and rapid response. Upon identifying the technique, Fortinet activated its Product Security Incident Response Team (PSIRT) and implemented immediate mitigations. Fortinet recommends that all customers impacted or not upgrade to the patched versions and follow recovery steps outlined in its community resources. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Customers seeking guidance can access Fortinet’s best practice resources or contact the company directly for support. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security. Alarmingly, the link could persist even after devices were updated to address the original vulnerabilities, leaving systems exposed. In a novel approach, the actor created a symbolic link between the user and root filesystems in a folder serving language files for SSL-VPN.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 12 Apr 2025 05:55:14 +0000

Cyber News related to Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access

Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access - To bolster defenses, Fortinet has introduced enhanced security features in recent updates, including compile-time hardening, virtual patching, firmware integrity validation, and automated upgrade tools like Uninterrupted Cluster Upgrade and Automatic ...
12 hours ago Cybersecuritynews.com

Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks - Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. The advisory says that when the threat ...
1 day ago Bleepingcomputer.com CVE-2022-42475

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
10 months ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109

Exploitation activity increasing on Fortinet vulnerability - Exploitation activity appears to be ramping up against a critical Fortinet vulnerability that was disclosed and patched last month. In a security advisory on Feb. 8, Fortinet detailed a zero-day vulnerability in FortiOS, tracked as CVE-2024-21762 or ...
1 year ago Techtarget.com CVE-2024-21762 CVE-2024-27162

Fortinet: Symlink trick gives access to patched FortiGate VPN devices - Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. The advisory says that when the threat ...
1 day ago Bleepingcomputer.com CVE-2022-42475

CISA warns Fortinet zero-day vulnerability under attack - CISA urged users to address two critical Fortinet vulnerabilities in products that are commonly targeted by the Chinese nation-state threat group Volt Typhoon, and one flaw is already being exploited in the wild. Fortinet published two separate ...
1 year ago Techtarget.com CVE-2024-21762 CVE-2024-22024 CVE-2023-27997 CVE-2024-23113 Volt Typhoon

A look at Fortinet's week to forget The Register - Security researchers have urged users to patch vulnerable VPNs as soon as possible since the vulnerability is understood to be easily exploitable. The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate ...
1 year ago Go.theregister.com CVE-2024-23113 CVE-2024-23108 CVE-2024-23109 CVE-2023-34992

Netherlands reveals Chinese spies attacked its defense dept The Register - Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense, blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands' Military Intelligence and ...
1 year ago Go.theregister.com CVE-2022-42475

New Fortinet RCE bug is actively exploited, CISA confirms - CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday. The flaw is due to an out-of-bounds write weakness in the FortiOS operating system that can let unauthenticated ...
1 year ago Bleepingcomputer.com CVE-2023-34992 Volt Typhoon

New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke

Fortinet Warns of Yet Another Critical RCE Flaw - Fortinet has patched a critical remote code execution vulnerability in its FortiClient Enterprise Management Server for managing endpoint devices. The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage ...
1 year ago Darkreading.com CVE-2024-48788 CVE-2023-27997 CVE-2022-40684 CVE-2023-34993 CVE-2023-34991 CVE-2023-48782 CVE-2023-42783 Volt Typhoon

New SuperBlack ransomware exploits Fortinet auth bypass flaws - A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. When Fortinet first disclosed CVE-2024-55591 on ...
4 weeks ago Bleepingcomputer.com LockBit CVE-2024-55591

Fortinet unveils networking solution integrated with Wi-Fi 7 - Fortinet announced a comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet's first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet ...
1 year ago Helpnetsecurity.com

Fortinet warns of critical command injection bug in FortiSIEM - Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. FortiSIEM is a ...
1 year ago Bleepingcomputer.com CVE-2023-36553 CVE-2023-34992 LockBit

Fortinet enhances its OT security solutions and services - Fortinet announced the latest release of new, integrated operational technology security solutions and services. These additions further distance Fortinet's industry-leading OT Security Platform from the rest of the market. The number of industrial ...
1 year ago Helpnetsecurity.com Rocke

China Caught Deploying Remote Access Trojan Tailored for FortiGate Devices - The Military Intelligence and Security Service of the Netherlands has issued a warning regarding the discovery of a new strain of malware believed to be orchestrated by the Chinese government. In a recent advisory, MIVD disclosed that Coathanger was ...
1 year ago Cysecurity.news CVE-2022-42475

133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register - The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, ...
1 year ago Go.theregister.com CVE-2024-21762 CVE-2023-48788 Volt Typhoon

New Fortinet RCE flaw in SSL VPN likely exploited in attacks - Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. The flaw received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows ...
1 year ago Bleepingcomputer.com CVE-2024-23113 CVE-2023-44487 CVE-2023-47537 CVE-2024-21762 Volt Typhoon

Critical FortiSwitch flaw lets hackers change admin passwords remotely - "An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request," Fortinet says. Fortinet has released security patches for a critical ...
3 days ago Bleepingcomputer.com CVE-2024-54024

Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
1 year ago Bleepingcomputer.com CVE-2023-48788 CVE-2024-21762 Volt Typhoon

Fortinet Adds Generative AI Tool to Security Operations Portfolio - Fortinet today added a generative artificial intelligence tool to its portfolio to eliminate a range of manual tasks that security operations teams would otherwise need to perform. John Maddison, chief marketing officer for Fortinet, said Fortinet ...
1 year ago Securityboulevard.com

CISA orders federal agencies to patch Looney Tunables Linux bug - Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions. Dubbed 'Looney Tunables' by Qualys' Threat Research Unit and ...
1 year ago Bleepingcomputer.com CVE-2023-4911 CVE-2023-46604

How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com

CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
3 years ago

20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
1 week ago Cybersecuritynews.com

Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access

Cyber News related to Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)