LAST UPDATED: 2022-10-14
This one-time Special Report contains information about Fortinet devices likely vulnerable to a critical authorization bypass CVE-2022-40684. We see this vulnerability exploited in the wild.
The report is sourced from LeakIX.
The 2022-10-14 report contains
17415 unique, potentially vulnerable IPs.
If you have not applied the patch when it was published on Oct 10th 2022 and you were exposing the administrative interface to the Internet, it is possible that your FortiOS/FortiProxy/FortiSwitchManager has been compromised already, as exploitation has been observed. Make sure to investigate for signs of compromise in accordance with best practices.
Do not expose your Fortinet device management interface to the public Internet. Use firewalling to block traffic and make sure to patch and follow Fortinet guidance.
About Special Reports
Shadowserver Special Reports are unlike all of our other standard free daily network reports.
Instead, we send out Special Reports in situations where we share one-time, high value datasets that we feel should be reported responsibly for maximum public benefit, such as in cases where we have a critical new vulnerability being exploited against potentially high value targets.
Note that the data shared across special reports may differ on a case by case basis hence the report formats for different Special Reports may be different.