Global Fortinet Breach: 14,000 Devices Compromised by New Exploit Technique
Cybersecurity Dive
Contributed by: Drex DeFord
Summary
Over 14,000 Fortinet devices globally have been compromised through a new post-exploitation technique that allows attackers to maintain access even after security patches are applied. According to the Shadowserver Foundation, attackers exploited known vulnerabilities (CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762) to gain unauthorized access, and a symlink-based persistence mechanism then enabled continued access to sensitive files. The majority of affected devices are located in Asia, particularly in the United States, Japan, Taiwan, and China. In light of these risks, CERT NZ has issued an advisory on the exploitation of Fortinet vulnerabilities, which has been ongoing since 2023.