Multiple critical security vulnerabilities reported on Fortinet: what to do?

In recent months, several critical security vulnerabilities have been reported on Fortinet equipment. Examples: CVE-2023-27997, CVE-2023-26204, CVE-2023-33299, CVE-2023-22637, CVE-2022-4133, CVE-2022-42475, etc.

Some of these vulnerabilities are of the RCE (Remote Code Execution) type, allowing the attacker to remotely execute malicious system commands on vulnerable Fortinet devices. The attacker needs no password to execute the attack.

The malicious programs run on the victim machine with administrator rights, and there is no limit to what the attacker can do:

Take control of Fortinet equipment and maintain persistence
Execute a malicious tool (Trojan, etc.)
Bounce off Fortinet equipment and enter your network
Eavesdrop on what enters and leaves your network
Capture information
Etc.

Note that MFA multi-factor authentication does not protect you against these attacks either.

Why are so many vulnerabilities currently reported on Fortinet?

When a critical security vulnerability is reported on a given technology, the spotlight of hackers (ethical or not) automatically turns to that technology.

This automatically leads to a frantic search for vulnerabilities on the said technology by unethical hackers who want to find a loophole to exploit.

Ethical hackers will also be interested in the case. Some are interested in the prize (reward for reporting a vulnerability to the editor) or in visibility or influence in the hacker community.

If, unfortunately, a second critical vulnerability is found in the next few days, the entire hacker community, including script kiddies, will turn on the publisher. They'll think that all the editor's technologies are full of vulnerabilities (the equivalent of finding a gold mine).

Unfortunately, this is what happens to Fortinet.

What to do if you use Fortinet technologies

If you use Fortinet technologies, you can expect significant vulnerabilities to continue to be reported on Fortinet (until the gold mine runs out).

To minimize your security risks, here's what you need to do:

Perform vulnerability management and systematically apply security patches
Don't expose the administration interface of your Fortinet equipment on the Internet if you don't need to.
Use geolocation to limit access to your Fortinet equipment.
Use IP filtering to limit access to the administration interface of your firewalls. Authorize only those IP addresses to which access is necessary.
Monitor your network security 24/7 (using an intrusion detection system such as Streamscan's CDS). This will enable you to identify suspicious activity and attacks, and deal with them quickly to prevent them becoming a problem.

Need help managing your security vulnerabilities?