FortiBleed — 75k Fortinet firewalls have admin passwords cracked
ID: 42cae240-70e7-5cf4-b2fe-f1d179ce8563
STIX ID: report--42cae240-70e7-5cf4-b2fe-f1d179ce8563
Feed Name: DoublePulsar
FortiBleed: threat intelligence indicates roughly 75,000 Fortinet FortiGate devices had admin credentials recovered from exported configuration files; most devices remain online and many expose the management interface. Attackers with these credentials could gain remote access, change firewall settings, create backdoors, and pivot into networks. The root cause is unclear (possible known CVEs or a new issue) and Fortinet implemented stronger credential storage in recent firmware, but many devices remain vulnerable; recommended actions include immediate credential rotation, firmware updates, limiting management exposure, enabling MFA, and assuming compromise.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
