https://community.isc2.org/t5/Threats/FortiOS-amp-FortiProxy-Authentication-bypass-in-Node-js/m-p/78404#M1565 Stay safe online, everyone! Fortinet's recent announcement about a critical vulnerability in FortiOS and FortiProxy is serious. Think of your network security like managing your own little store, but instead of bananas in Monkey Mart, it's sensitive data! Unpatched systems could grant attackers "super-admin" access, like giving them the keys to the whole kingdom. Be sure to check for those IOCs and apply the necessary updates immediately to avoid potential compromises.<BR /><BR /> Tue, 01 Apr 2025 03:29:55 GMT Danielll 2025-04-01T03:29:55Z https://community.isc2.org/t5/Threats/FortiOS-amp-FortiProxy-Authentication-bypass-in-Node-js/m-p/76318#M1455 <P>Dear all,</P><P>&nbsp;</P><P>Fortinet has identified a critical vulnerability in FortiOS and FortiProxy. The vulnerability may allow an unauthenticated remote attacker to gain “super-admin” privileges.<BR /><BR />The Fortinet vulnerability notification describes possible Indicators of Compromise (IOCs) and IPs associated the threat actor, which may assist in identifying suspicious activity.<BR /><BR />Fortinet has observed active exploitation of this vulnerability.<BR />Fortinet advises that threat actors have been observed performing the following post exploitation activities:<BR />Creating an admin account on the device with a random user name.<BR />Creating a Local User account on the device using a random name.<BR />Creating a user group or adding the above local user to an existing sslvpn user group.<BR />Adding/changing other settings (firewall policy etc.)<BR />Logging in the sslvpn with the above-added local users to get a tunnel to the internal network.<BR /><BR />Affected versions/applications:<BR /><BR />FortiOS version 7.0 - 7.0.0 through 7.0.16<BR />FortiProxy version 7.0 - 7.0.0 through 7.0.19<BR />FortiProxy version 7.2 - 7.2.0 through 7.2.12<BR /><BR /><A href="https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/fortios-fortiproxy-authentication-bypass-nodejs-websocket-module-vulnerability?utm_source=linkedin&amp;utm_campaign=feb-25&amp;utm_medium=social&amp;utm_content=alert-fortinet" target="_blank">https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/fortios-fortiproxy-authentication-bypass-nodejs-websocket-module-vulnerability?utm_source=linkedin&amp;utm_campaign=feb-25&amp;utm_medium=social&amp;utm_content=alert-fortinet</A></P><P>&nbsp;</P><P><A href="https://www.fortiguard.com/psirt/FG-IR-24-535" target="_blank">https://www.fortiguard.com/psirt/FG-IR-24-535</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 15 Jan 2025 06:21:35 GMT https://community.isc2.org/t5/Threats/FortiOS-amp-FortiProxy-Authentication-bypass-in-Node-js/m-p/76318#M1455 Kyaw_Myo_Oo 2025-01-15T06:21:35Z https://community.isc2.org/t5/Threats/FortiOS-amp-FortiProxy-Authentication-bypass-in-Node-js/m-p/78404#M1565 Stay safe online, everyone! Fortinet's recent announcement about a critical vulnerability in FortiOS and FortiProxy is serious. Think of your network security like managing your own little store, but instead of bananas in Monkey Mart, it's sensitive data! Unpatched systems could grant attackers "super-admin" access, like giving them the keys to the whole kingdom. Be sure to check for those IOCs and apply the necessary updates immediately to avoid potential compromises.<BR /><BR /> Tue, 01 Apr 2025 03:29:55 GMT https://community.isc2.org/t5/Threats/FortiOS-amp-FortiProxy-Authentication-bypass-in-Node-js/m-p/78404#M1565 Danielll 2025-04-01T03:29:55Z