CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Thursday to Fortinet customers using FortiGate appliances, advising them to implement security measures against active exploitation targeting numerous devices. This widespread campaign, identified as FortiBleed, is attributed to Russian-speaking threat actors and has already impacted 86,644 internet-accessible FortiGate devices. CISA's advisory highlights that these devices are being actively exploited, and the agency has observed a significant increase in the number of vulnerable devices being scanned and compromised. The agency recommends that organizations with affected devices immediately apply available patches and implement recommended security configurations. Fortinet has previously released security advisories and patches for the vulnerabilities exploited in this campaign, including CVE-2022-42475, a critical heap-based buffer overflow vulnerability in FortiOS SSL-VPN. CISA is urging all organizations to review their security posture and ensure all Fortinet devices are up-to-date and properly configured to mitigate the risk of further compromise. The agency also recommends monitoring network traffic for suspicious activity and reporting any incidents to CISA.