Hackers Claim They Are Selling FortiGate Firewall Access

Uploaded on 2025-04-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

A threat actor has advertised a zero-day exploit targeting FortiGate firewall products form Fortinet on a prominent Dark Web forum. The exploit claims to enable unauthenticated remote code execution (RCE) and full configuration access to FortiOS, allowing attackers to seize control of vulnerable devices without needing credentials.

This alarming development has raised concerns amongst some users about the security of Fortinet firewalls, widely used in enterprises and government agencies globally.

The forum post observed by ThreatMon claims to have extensive capabilities, including access to sensitive configuration files extracted from compromised devices. The exploit appears to target versions of FortiOS vulnerable to authentication bypass flaws, something which has been a recurrent problem with Fortinet products.

These files are purported to include:

Local user credentials: Encrypted passwords stored.

Admin account details: Permissions and trust relationships documented.

Two-factor authentication (2FA) status: Information on FortiToken configurations.

Firewall policies and network configurations: Complete rule sets, NAT mappings, internal IP assets, and address groups.

Such data could allow attackers to bypass security measures, infiltrate networks, and potentially launch further attacks.

Fortinet has quickly taken steps to mitigate this issue to deal with the challenges that the customer might face, issuing specific advice and urging customers to update their devices to protect against further risks of compromise to their systems.

Image: Ideogram

You Might Also Read:

Medusa Ransomware Group: Delivering Sophisticated Attacks:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.