
CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475 - FortiGate Vulnerabilities


dips

Fortinet published the following:

https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

“The targeting of known, unpatched vulnerabilities by a threat actor is not new and has been previously examined; this specific finding is the result of a threat actor taking advantage of a known vulnerability with a new technique to maintain read-only access to vulnerable FortiGate devices after the original access vector was locked down. Immediately upon discovery, we activated our PSIRT response efforts, developed necessary mitigations and have communicated with affected customers. We continue to work directly with those customers to ensure they have taken steps to remediate the issue.”

Remediations:

  • Upgrade all devices to 7.6.2, 7.4.7, 7.2.11 & 7.0.17 or 6.4.16.
  • Review the configuration of all devices.

3 comments

Chris.Childerhose

Thanks for sharing this one Dips.  Going to pass this along to our network folks if they have not already seen it.


matheusgiovanini

Great post! Thanks for sharing these critical CVEs.


vAdmin
  • April 16, 2025

Thank you for sharing this @dips.

 

