Hack/Defend Fortinet FortiOS and FortiProxy

Ongoing nation-state attacks on Fortinet have revealed a series of CVEs (zero-days), some of which are being exploited in the wild.

David Merian
System Weakness

Fortinet is a network security company and, consequently, a target for nation-state attacks. Its software and products, most recently FortiOS and, in the past, FortiGate, have been attacked with targeted malware, a remote access trojan called Coathanger.

I will do a quick write-up for both blue team and red team. I start with blue team, which red teamers, security researchers and hackers should read as well, because the information there will reinforce your research and attempts.

All’s not well with the fort. My photo of castle.

Blue Team / Defend

To defend your Fortinet products, such as FortiOS and FortiGate, first and foremost upgrade FortiOS and FortiProxy. Both use sslvpnd, the component vulnerable to an "out-of-bounds write vulnerability [CWE-787]", designated CVE-2024-21762 and tracked internally at Fortinet as FG-IR-24-015.
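As an added defender-side example (not code from the original post or from Fortinet), the following Python snippet triages the `Version:` line of FortiOS `get system status` output against a per-branch table of minimum fixed builds, so that a fleet can be sorted into patched, needs-upgrade and needs-migration. The branch table values are placeholders to be replaced with the fixed versions from FG-IR-24-015, and the device output is constructed.

```python
import re

# PLACEHOLDER table, constructed for this example: minimum fixed FortiOS
# build per release branch. Replace these values with the fixed versions
# listed in Fortinet's advisory FG-IR-24-015 before relying on the result.
FIXED_BY_BRANCH = {
    (7, 4): (7, 4, 3),
    (7, 2): (7, 2, 7),
    (7, 0): (7, 0, 14),
    (6, 4): (6, 4, 15),
    (6, 2): (6, 2, 16),
}

# Matches the "vMAJOR.MINOR.PATCH" token in a 'get system status' Version line
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)")


def parse_version(status_line):
    """Return (major, minor, patch) from a FortiOS 'Version:' status line."""
    m = VERSION_RE.search(status_line)
    if not m:
        raise ValueError(f"no FortiOS version found in: {status_line!r}")
    return tuple(int(x) for x in m.groups())


def assess(status_line, fixed=FIXED_BY_BRANCH):
    """Classify one device as 'patched', 'upgrade' or 'migrate'."""
    ver = parse_version(status_line)
    branch = ver[:2]
    if branch not in fixed:
        # Branch has no fixed build in the table: move to a supported branch
        return "migrate"
    return "patched" if ver >= fixed[branch] else "upgrade"


def triage(inventory, fixed=FIXED_BY_BRANCH):
    """Map device name -> verdict for a dict of collected status lines."""
    return {name: assess(line, fixed) for name, line in inventory.items()}


# Constructed sample output from three hypothetical devices (not real hosts)
SAMPLE_INVENTORY = {
    "fw-edge-1": "Version: FortiGate-100F v7.0.12,build0523,230425 (GA.F)",
    "fw-edge-2": "Version: FortiGate-60F v7.4.3,build2573,240201 (GA.F)",
    "fw-lab-1": "Version: FortiGate-40F v6.0.17,build0603,230330 (GA.F)",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {verdict}")
```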

Secondly, check out this blue team tool, which checks for IOCs (indicators of compromise) of the Coathanger malware, a RAT (remote access trojan). The most advanced blue team tool is open source from the Dutch cyber military and…
