First published: 11 Apr 2025
Last updated: 11 Apr 2025

Content written for: Small & medium business; Large organisations & infrastructure; Government

This alert is relevant to Australian organisations that use Fortinet products. This alert is intended to be understood by technical users.

Customers are encouraged to update their devices and investigate for potential compromise.

Background / What has happened?

  • Fortinet has released information regarding their observation of active exploitation of previously known vulnerabilities affecting Fortinet devices, including:
    • FG-IR-24-015: Out-of-bound Write in sslvpnd
    • FG-IR-23-097: Heap buffer overflow in sslvpn pre-authentication
    • FG-IR-22-398: Heap-based buffer overflow in sslvpnd
  • Fortinet has previously released patches for these vulnerabilities.
  • The observed post-exploitation activity relates to either unpatched devices or those that were compromised prior to patching.
  • Further information can be found at Fortinet’s advisory page, Analysis of Threat Actor Activity | Fortinet Blog.

Mitigation / How do I stay secure?

The ASD’s ACSC recommends businesses, organisations and government entities:

  • Follow Fortinet’s published advice relating to this activity.
  • Upgrade to the latest versions of affected products.
  • Review configuration of all affected products for potential modification and compromise.
  • Monitor and investigate for suspicious activity in connected environments.

Further information is available at Analysis of Threat Actor Activity | Fortinet Blog.

Assistance / Where can I go for help?

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371) or asd.assist@defence.gov.au.
