Thousands of Fortinet instances vulnerable to actively exploited flaw

More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data. The most recent count taken from Sunday put the number of IPs vulnerable to the bug at 86,602 – a slight decrease from 87,930 the day before. The internet security biz's …

  1. Anonymous Coward

    FG-IR: FG-IR-24-423

    Severity: Critical (CVSS: 9.8)

    will soon be incoming

  2. train_wreck

    FortiManager FortiFucking up and causing FortiProblems? shocked FortiPikachu

    1. Homo.Sapien.Floridanus

      Given that the fix has been around for 9 months it appears that some router admins have been FortiSnorlaxing.

      1. wolfetone Silver badge

        Wouldn't have happened if FortiTeamRocket were in charge!

  3. Khaptain Silver badge

    Couple of version too late.

    The fix was available in version 7.2.7, we are now on 7.2.10 (For those that use the 7.2 path).

    So let's say that these people are at least 4 versions behind. I wonder what version they are actually running....

    Fortigate are pretty easy to update so it's not like there are many valid reasons not to keep them up to date.

    1. Anonymous Coward

      Re: Couple of version too late.

      Not sure if it impacts the client side, but the client on my company laptop is 7.2.3.0929

      I can imagine the server may be similar, as looking at the notifications on the client, it checks for an update and says none found.

    2. elaar

      Re: Couple of version too late.

      The issue is, you can't always follow the upgrade path, especially when it involves thousands of devices. With Fortinet, every new update seems to introduce more exciting service affecting bugs for you to discover, especially when it comes to SDWAN, where we're frequently having to create workarounds and offload stuff from the CPU/NPU to software. We seem to open a new TAC case with them on a daily basis.

  4. Medixstiff

    I know of at least 1 Australian MSP that was multiple versions behind for all of their clients back in December 2023 and from what we can gather are still on the same version for all of their clients - except ourselves, we moved off their FortiManager etc. after an issue over the Christmas and New Year's break that I had the unfortunate luck to get caught up in, after we updated our switch firmware and broke their ability to manage our devices, which is how we found out about their version levels.
