Skip to content
Contact us

Active Exploitation of Fortinet FortiWeb Path Traversal Vulnerability

Picture of The 1898 & Co. Team

Recent reports have highlighted a critical path traversal vulnerability in Fortinet's FortiWeb devices, which is being actively exploited by threat actors. This vulnerability allows attackers to create new administrative users on exposed devices without requiring authentication. The flaw, identified in FortiWeb versions 8.0.1 and earlier, has been addressed in version 8.0.2. Administrators are strongly urged to update their systems immediately and review their devices for any signs of unauthorized access.

The exploitation of this vulnerability was first observed on October 6, with attacks rapidly increasing in frequency. Threat actors are leveraging HTTP POST requests to a specific Fortinet endpoint to create local admin-level accounts on targeted devices. The attacks have been traced back to a variety of IP addresses, indicating a widespread and coordinated effort to exploit this flaw globally.

Security researchers have confirmed the exploit's effectiveness and have released tools to help defenders identify vulnerable devices. Despite the active exploitation, there has been no official disclosure from Fortinet regarding this specific vulnerability. Administrators are advised to restrict management interfaces to trusted networks or VPN-only access to mitigate potential risks.

Threats and Vulnerabilities

The Fortinet FortiWeb path traversal vulnerability is a significant threat due to its ability to allow unauthorized creation of administrative accounts on affected devices. This vulnerability affects FortiWeb versions 8.0.1 and earlier, with the flaw being fixed in version 8.0.2. Attackers exploit this vulnerability by sending HTTP POST requests to a specific endpoint, enabling them to bypass authentication and gain administrative access.

The impact of this vulnerability is substantial, as it can lead to unauthorized control over affected systems, potentially resulting in data breaches, operational disruptions, and further exploitation of network resources. The attacks have been observed originating from multiple IP addresses, suggesting a coordinated effort by threat actors to exploit this flaw on a global scale.

Client Impact

Clients using Fortinet FortiWeb devices are at risk of unauthorized access and control over their systems due to this vulnerability. The creation of unauthorized administrative accounts can lead to significant operational disruptions, data breaches, and potential financial losses. Additionally, organizations may face reputational damage if sensitive information is compromised.

From a compliance perspective, the exploitation of this vulnerability could result in regulatory challenges, audits, or penalties if data protection regulations are violated. It is crucial for organizations to assess their exposure and take immediate action to secure their systems against this threat.

Mitigations

To mitigate the risks associated with the Fortinet FortiWeb path traversal vulnerability, clients should take the following actions:

  1. Update all FortiWeb devices to version 8.0.2 or later to address the vulnerability.
  2. Review device logs for any unusual administrative accounts or requests to the fwbcgi path.
  3. Investigate any activity originating from the identified suspicious IP addresses.
  4. Restrict management interfaces to trusted networks or VPN-only access.
  5. Implement network segmentation to limit exposure of critical systems.
  6. Conduct regular security audits and vulnerability assessments.
  7. Educate staff on recognizing and responding to potential security incidents.

By taking these steps, organizations can reduce their risk of exploitation and enhance their overall security posture. Continuous monitoring and timely updates are essential components of an effective cybersecurity strategy.

1898 & Co. Response

1898 & Co. is actively addressing the current threat landscape by offering specialized services and solutions tailored to mitigate emerging threats like the Fortinet FortiWeb vulnerability. Our team is focused on providing clients with timely updates and guidance on securing their systems against such vulnerabilities.

We are collaborating with industry partners and leveraging our extensive threat intelligence capabilities to stay ahead of potential exploits. Our ongoing research efforts ensure that we provide clients with the most up-to-date information and effective security measures.

In response to this specific threat, we have developed targeted assessment services to help clients identify vulnerable devices and implement necessary mitigations. Our case studies demonstrate successful interventions where we have assisted clients in securing their networks against similar threats.

Active Exploitation of Fortinet FortiWeb Path Traversal Vulnerability

CISA Fortinet FortiWeb Path Traversal Vulnerability Advisory