Security News > 2025 > January > 48,000+ internet-facing Fortinet firewalls still open to attack
2025-01-22 12:27
Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver Foundation. CVE-2024-55591 exploitation On January 10, Artic Wolf Labs researchers outlined an attack campaign targeting FortiGate firewalls with management interfaces exposed on the public internet by exploiting a zero-day vulnerability. It involved attackers scanning … More → The post 48,000+ internet-facing Fortinet firewalls still open to attack appeared first on Help Net Security.
News URL
Related news
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used (source)
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls (source)
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? (source)
- Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- 5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) (source)
- Fortinet warns of new zero-day exploited to hijack firewalls (source)
- Fortinet discloses second firewall auth bypass patched in January (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-55591 | Unspecified vulnerability in Fortinet Fortios and Fortiproxy An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | 9.8 |