Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs

submitted by
Style Pass
2024-10-22 21:30:07

Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do.

The thread is a bit wild, I didn’t know about the FortiNet private notification as I’m just an InfoSec pleb (InfoSec porg?) so had to fill in the details via Reddit later.

At the time, it turned out no patches were available, no CVE had been allocated, and they hadn’t decided to publicly document what was happening. I locked some of the thread to followers only, to give Fortigate time to get things in order and to give defenders some mitigations.

But, well, it’s been a while. I gather they’ve notified some customers via email — according to Reddit, many people in infosec didn’t get the email, and they’ve relied on my toots.

There’s still no reference to it on FortiNet’s PSIRT security advisory website (which, also, stopped working over a day ago):
