
FG-IR: FG-IR-24-423
Severity: Critical (CVSS: 9.8)
will soon be incoming
More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data. The most recent count taken from Sunday put the number of IPs vulnerable to the bug at 86,602 – a slight decrease from 87,930 the day before. The internet security biz's …
The fix was available in version 7.2.7, we are now on 7.2.10 (For those that use the 7.2 path).
So let's say that these people are at least 4 versions behind. I wonder what version they are actually running....
Fortigate are pretty easy to update so it's not like there are many valid reasons not to keep them up to date.
The issue is, you can't always follow the upgrade path, especially when it involves thousands of devices. With Fortinet, every new update seems to introduce more exciting service affecting bugs for you to discover, especially when it comes to SDWAN, where we're frequently having to create workarounds and offload stuff from the CPU/NPU to software. We seem to open a new TAC case with them on a daily basis.
I know of at least 1 Australian MSP that was multiple versions behind for all of their clients back in December 2023 and from what we can gather are still on the same version for all of their clients - except ourselves, we moved off their FortiManager etc after in issue over the Christmas and New Years break that I had the unfortunate luck to get caught up in, after we updated our switch firmware's and broke their ability to manage our devices, which is how we found out about their version levels.