Cyber Campaign Targets Fortinet Firewalls via Vulnerability
A new cyber campaign is targeting Fortinet firewalls by exploiting a zero-day vulnerability. A recent analysis by Arctic Wolf describes a campaign that compromised Fortinet FortiGate firewall devices whose management interfaces were exposed on the public internet. Beginning around mid-November 2024, attackers gained unauthorized access, created super admin accounts, and established SSL VPN tunnels, which they used for lateral movement and for credential extraction with DCSync. The campaign's rapid progression suggests exploitation of a zero-day vulnerability, affecting firmware versions 7.0.14 to 7.0.16. Fortinet has since identified a critical authentication bypass vulnerability (CVE-2024-55591) that allows remote attackers to gain super-admin privileges. Organizations are urged to secure their firewall management interfaces and limit access to trusted users to mitigate risks.
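One way to check a device against the mitigation advice above, as an added example that is not taken from Arctic Wolf's or Fortinet's material: a small audit of a FortiOS configuration backup that flags WAN-role interfaces offering management protocols and super_admin accounts with no trusted-host restriction. The sample configuration is constructed, the account name `svc-backup` is hypothetical, and the script assumes the backup lists `set allowaccess`, `set role`, `set accprofile` and `set trusthostN` in plain text.

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        set role wan
    next
end
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set accprofile "super_admin"
    next
    edit "svc-backup"
        set accprofile "super_admin"
    next
end
"""
MGMT = {"http", "https", "ssh", "telnet"}  # administrative-access protocols

def parse_section(config, section):
    """Return {entry: {setting: [values]}} for one top-level 'config <section>' block."""
    entries, current, depth = {}, None, 0
    for words in filter(None, map(str.split, config.splitlines())):
        if depth == 0:
            depth = 1 if words == ["config", *section.split()] else 0
        elif words[0] in ("config", "end"):
            depth += 1 if words[0] == "config" else -1  # track nested blocks
        elif depth == 1 and words[0] == "edit":
            current = entries.setdefault(words[1].strip('"'), {})
        elif depth == 1 and words[0] == "next":
            current = None
        elif depth == 1 and words[0] == "set" and current is not None:
            current[words[1]] = [w.strip('"') for w in words[2:]]
    return entries

def audit(config):
    """Flag exposed management access and super_admin accounts without trusted hosts."""
    findings = []
    for name, s in parse_section(config, "system interface").items():
        exposed = MGMT & set(s.get("allowaccess", []))
        if s.get("role") == ["wan"] and exposed:
            findings.append(("interface", name, sorted(exposed)))
    for name, s in parse_section(config, "system admin").items():
        has_trust = any("trusthost" in key for key in s)
        if s.get("accprofile") == ["super_admin"] and not has_trust:
            findings.append(("admin", name, ["no trusthost"]))
    return findings

print(audit(SAMPLE_CONFIG))
```

Comparing the `config system admin` entries between successive backups also surfaces newly created super_admin accounts, the persistence step the campaign relied on.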
