Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products.
The vulnerability, tracked as CVE-2022-40684, affects the FortiOS, FortiProxy, and FortiSwitchManager products. It was made public in early October, by which time it had already been used in malicious attacks. The flaw is an authentication bypass that enables a remote attacker to access a vulnerable appliance's admin interface and conduct unauthorized actions using specially crafted HTTP or HTTPS requests.
In essence, the security flaw gives the attacker administrative access to SSH on the target appliance, allowing them to change or add a legitimate public SSH key on the system and take full control of it.