Oh man, Fortinet *yet again*! A symlink bug that *still grants* read-only access even after updates? Seriously, that's my kind of 'funny'!

It just goes to show how crucial manual testing really is. You know, the kind of thing automated scans often just don't catch. Our clients are *always* relieved when we spot these things before a malicious actor does!

So yeah, updates are vital, but *don't forget* to double-check those configs! Otherwise, attackers might still have a foothold, even after you've 'patched'.

Just remember: Security isn't just a product you buy; it's an ongoing process. And let's be real, it also needs to fit the budget.

What persistence tricks do you all have up your sleeve?

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit – Source:thehackernews.com https://ciso2ciso.com/fortinet-warns-attackers-retain-fortigate-access-post-patching-via-ssl-vpn-symlink-exploit-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Fortinet

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices https://www.helpnetsecurity.com/2025/04/11/fortios-fortigate-vulnerabilities-symlink-trick-limited-access/ #vulnerability #Don'tmiss #Hotstuff #Fortinet #FortiOS #News #BSI

CISA: Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities https://www.cisa.gov/news-events/alerts/2025/04/11/fortinet-releases-advisory-new-post-exploitation-technique-known-vulnerabilities #CISA #Fortinet #cybersecurity #Infosec

Fortinet, from yesterday: Analysis of Threat Actor Activity @fortinet

Critical #FortiSwitch flaw lets hackers change admin passwords remotely

https://www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/

Fortinet : cette faille critique dans FortiSwitch permet de changer le mot de passe admin à distance https://www.it-connect.fr/fortinet-faille-critique-fortiswitch-changer-le-mot-de-passe-admin-cve-2024-48887/ #ActuCybersécurité #Cybersécurité #Fortinet

Configurar BGP en firewalls FortiGate #fortinet #bgp #fortigate #redes
https://nosololinux.es/configurar-bgp-en-firewalls-fortigate/

When you are at work and realize half the Fediverse and most Anarchist media is blocked by Fortinet!

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) https://www.helpnetsecurity.com/2025/04/10/fortiswitch-vulnerability-cve-2024-48887/ #vulnerability #networking #Don'tmiss #Hotstuff #Fortinet #News

Fortinet Patches Critical FortiSwitch Vulnerability – Source: www.securityweek.com https://ciso2ciso.com/fortinet-patches-critical-fortiswitch-vulnerability-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #vulnerabilities #securityweekcom #Vulnerability #securityweek #Fortinet

Critical #Fortinet #FortiSwitch flaw allows remote attackers to change admin passwords
https://securityaffairs.com/176380/security/fortinet-fortiswitch-flaw.html
#securityaffairs #hacking

Fortinet Patches Critical FortiSwitch Vulnerability https://www.securityweek.com/fortinet-patches-critical-fortiswitch-vulnerability/ #Vulnerabilities #vulnerability #Fortinet

Fortinet Patches Critical FortiSwitch Vulnerability https://www.securityweek.com/fortinet-patches-critical-fortiswitch-vulnerability/ #Vulnerabilities #vulnerability #Fortinet

Fortinet unveils FortiAI innovations enhancing threat protection and security operations https://www.helpnetsecurity.com/2025/04/09/fortinet-unveils-fortiai-innovations-enhancing-threat-protection-and-security-operations/ #Industrynews #Fortinet

Whoa, FortiSwitch alert! We all know unpatched switches are basically a welcome mat for attackers, right? It sounds familiar: small device, potentially *huge* headache.

Heads up on **CVE-2024-48887**. This one's nasty: it could let someone change the admin password *without even logging in*. Yeah, you read that right. With a **CVSS score of 9.3**, that's seriously critical!

**Bottom line: You need to update ASAP.** Get your switches to version **6.4.15, 7.0.11, 7.2.9, 7.4.5, or 7.6.1** like, yesterday!

Trust me, as a pentester, I see this scenario play out way too often. It's usually the seemingly "small stuff" that ends up causing massive breaches across entire networks. Don't let that be you.

Beyond patching, **lock down that HTTP/HTTPS management access!** Seriously limit *who* and *what* can even reach the switch's interface. Do it **NOW!**

Even if there isn't a widely available exploit *yet*, don't gamble and wait for one to appear. Procrastination is not your friend here.

So, real talk: How often are you *actually* getting around to patching your network devices? Drop a comment below!

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw – Source:thehackernews.com https://ciso2ciso.com/fortinet-urges-fortiswitch-upgrades-to-patch-critical-admin-password-change-flaw-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Fortinet

https://www.fortiguard.com/psirt/FG-IR-24-435
Fortinet FortiSwitches (not FortiGate) without hardening using trusthosts/acls —> check logs, harden/set trusthosts and patch

Every #Fortinet Vuln going forward.

How Unfortinet.

CERT.at investigates ransomware attacks via critical Fortinet vulnerabilities (FortiOS, FortiProxy) and recommends urgent forensic investigations of all devices that didn't have FortiOS 7.0.16 installed before 2025-01-27, when the PoC for CVE-2024-55591 was published. Those devices may be compromised despite having been patched later.

Check (German) warning by @CERT_at
https://www.cert.at/de/warnungen/2025/3/ransomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten

Long story with Forescout:
https://www.forescout.com/blog/new-ransomware-operator-exploits-fortinet-vulnerability-duo/