Summary: Fortinet has issued a warning about a post-exploitation technique that allows threat actors to maintain read-only access to compromised FortiGate VPN devices, even after patching the original vulnerabilities. The technique involves creating symbolic links to the root filesystem, which may enable continued access to configurations despite software updates. Customers are urged to promptly update their devices to mitigate this risk and review configurations for any suspicious changes.Affected: Fortinet FortiGate/FortiOS devices
Keypoints :
- Threat actors exploit older vulnerabilities to create symbolic links, maintaining access to compromised devices.
- This tactic has been used in numerous attacks dating back to early 2023.
- Customers are advised to immediately upgrade to the latest FortiOS versions and review device configurations for unauthorized changes.
Views: 15