December 12, 2022

Critical Patch Available for FortiGate Firewalls - WST

Fortinet just published details of a vulnerability that could allow remote code execution by an attacker (without any authentication) through FortiGate firewalls that have SSL-VPN functionality available on the Internet.

What makes this one a bit different from other notices of its kind is that Fortinet says that they are “aware of an instance where this vulnerability was exploited in the wild.” Attackers are actively exploiting this vulnerability, and now that the notification has gone out, they will ramp up their activity trying to get in as many places as possible before patching takes place.

To fix: Upgrade FortiOS as soon as possible.
Upgrading the firewall will require a reboot and could affect operations, so, unless you can accommodate the network outage during the day, it may be best to have this upgrade performed after-hours. If there’s a managed services provider that administers a firewall on your behalf, have them prove to you that you’re not on an affected version of FortiOS.

To investigate whether the vulnerability was exploited in your environment, Fortinet also offers some known IP addresses and ports that have been used. You’ll want to look for these in your firewall logs/SIEM or have any associated managed security services providers do this on your behalf. Look for connections to suspicious IP addresses and ports from the FortiGate:,30081,30443,20443,444

Information on other IOCs (indicators of compromise) can be found in the advisory.
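The log search described above can be scripted. The following is an added example, not code from Fortinet or from the original post: it scans FortiOS-style key=value traffic logs for connections that originate from the firewall itself and go to a listed IP address or to one of the ports named above. The IP addresses are placeholders from documentation ranges (take the real ones from the advisory), and the firewall address and sample log lines are constructed.

```python
import ipaddress
import shlex

# Ports named on this page; a port-only hit is weaker evidence than an IP hit.
SUSPECT_PORTS = {30081, 30443, 20443, 444}
# Placeholder (RFC 5737 documentation range), NOT a real indicator:
# replace with the IP addresses published in the Fortinet advisory.
SUSPECT_IPS = {ipaddress.ip_address("203.0.113.10")}
# Assumption: addresses owned by the FortiGate itself (WAN / management).
FIREWALL_IPS = {ipaddress.ip_address("198.51.100.1")}

def parse_kv(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def classify(line):
    """Return 'ip-match', 'port-match' or None for one log line."""
    try:
        f = parse_kv(line)
        src = ipaddress.ip_address(f["srcip"])
        dst = ipaddress.ip_address(f["dstip"])
        port = int(f["dstport"])
    except (KeyError, ValueError):
        return None  # not a traffic record, or malformed
    if src not in FIREWALL_IPS:
        return None  # only connections made by the firewall are of interest
    if dst in SUSPECT_IPS:
        return "ip-match"
    return "port-match" if port in SUSPECT_PORTS else None

def hunt(lines):
    """Return (verdict, line) for every line that needs a closer look."""
    return [(verdict, line) for line in lines if (verdict := classify(line))]

# Constructed sample lines, not taken from a real device.
SAMPLE = [
    'type="traffic" subtype="local" srcip=198.51.100.1 dstip=203.0.113.10 dstport=30443',
    'type="traffic" subtype="local" srcip=198.51.100.1 dstip=192.0.2.77 dstport=444',
    'type="traffic" subtype="forward" srcip=10.0.0.25 dstip=192.0.2.77 dstport=444',
    'type="traffic" subtype="local" srcip=198.51.100.1 dstip=192.0.2.53 dstport=53',
]

for verdict, line in hunt(SAMPLE):
    print(verdict, line)
```

Treat an `ip-match` as grounds for incident response. A `port-match` needs review against known, legitimate services the firewall talks to on those ports.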

Authored by: Kyle Stelly, CISSP, PCIP
