If you could simply leave your office with the door open, this is what is currently happening to your Fortinet Devices. Currently, according to security researchers there are more than 25,000 Fortinet devices exposed to remote attack via FortiCloud SSO. All the attackers need to gain access is to log into the network from anywhere at any time.
What’s The Issue?
FortiCloud SSO has made it easy for administrators to log into their Fortinet devices from anywhere. But because of a vulnerability that has been exposed, anyone can use FortiCloud SSO to gain administrative access remotely without permission. Once the attacker gains administrative access to the Fortinet device they can view, as well as download, sensitive information regarding the system.So What Information Can An Attacker Download?
If an attacker gains access they have access to:- Network Settings
- Firewall Rules
- Passwords stored in the system
- Details regarding the company's internal systems
How Big Is the Risk?
Security researchers found that there are upwards of 25,000 exposed Fortinet devices worldwide, most of which are located in the following geographical regions:- United States
- India
- Europe and other areas
What Actions Should You Take Immediately?
If you own any Fortinet product, then you should do these things:- Look to see if there are any available Security Updates (SU) available for you and install all applicable Security Updates.
- Disable FortiCloud SSO service until Security Updates have been installed.
- Review your Administrators' access permissions.
