🥷Fortinet’s Persistent Vulnerabilities | A Persistent Threat & Essential Mitigations🥸

Over recent years, Fortinet’s infrastructure has faced numerous, often critical vulnerabilities, many of which are actively exploited and recurrently flagged by CISA as among the most widely exploitable. In some cases, Fortinet vulnerabilities outpace even those of Microsoft’s notorious on-premises Exchange in terms of frequency and exposure, placing users of Fortinet devices at high risk of breaches.

The issue is compounded by Fortinet's delayed response in certain cases, a pattern that can heighten risks for users. Additionally, Fortinet's default settings often come with exploitable gaps, creating vulnerabilities in systems left unmodified or insufficiently secured. Though patching is always recommended to close these gaps, the reality is that the patching process is not always universally applied, and many devices remain vulnerable. Currently, it is estimated that over 100,000 Fortinet devices are publicly accessible with known vulnerabilities, with far more potentially exposed within internal infrastructure.

To address these risks effectively, applying updates is crucial but must be part of a layered strategy to ensure comprehensive security. Here are essential steps Fortinet users can adopt to mitigate these vulnerabilities:

1. Implement a Segregated Management Plane

By creating a separate management plane for infrastructure management, administrators can limit exposure to the public internet. A fully segregated management network, isolated from the operational network, ensures that the management interfaces of Fortinet devices are accessible only through secure channels, significantly reducing the attack surface.

Benefits:

• Reduces risk of unauthorized access to critical configurations.

• Isolates management traffic, keeping it private and secure from external threats.

• Provides better control over who can access critical infrastructure, enforcing a zero-trust model.

2. Audit and Adjust Default Settings

Default configurations in Fortinet devices can often introduce vulnerabilities if left unmodified. Conducting regular audits of these settings and modifying them to align with best practices is essential.

Benefits:

• Prevents default credentials or open ports from being exploited.

• Ensures device configurations are tailored to the unique security needs of each environment.

• Allows IT teams to enforce standards across all devices, minimizing overlooked configurations.

3. Use Firewall Compliance & Governance Services

Partnering with a firewall compliance and governance service, such as Port443, allows organizations to continuously monitor, evaluate, and improve firewall configurations. Port443, for example, assesses device compliance, ensures configurations meet regulatory and security standards, and alerts teams of vulnerabilities.

Benefits:

• Identifies and remediates configuration gaps promptly.

• Ensures compliance with industry standards and regulatory frameworks.

• Provides peace of mind that firewall settings are not “set and forgotten,” but rather evolve as threats emerge.

4. IP Blocking of Known Abusers

Monitoring and blocking IP addresses identified in abuse lists can prevent known malicious actors from targeting the network. Setting rules to automatically block these IPs adds another layer of defense against threats that specifically target Fortinet vulnerabilities.

Benefits:

• Prevents recognized attackers from probing or accessing the network.

• Reduces the chances of exploitation from known malicious IPs.

• Strengthens the security posture against repeat or automated attacks.

5. Implement Secure, Filtered DNS Solutions

Using filtered DNS services, such as those provided by Quad9 or Cloudflare, adds a layer of DNS-based filtering, blocking domains associated with malware, phishing, and other threats before they even reach Fortinet-protected devices.

Benefits:

• Stops connections to known malicious domains, preventing malware downloads and data exfiltration.

• Provides early detection of suspicious domain activities.

• Reduces strain on Fortinet devices by filtering malicious traffic at the DNS level.

Wrap

While Fortinet's consistent vulnerabilities place customers at a disadvantage, they also underscore the importance of a multi-layered security approach that goes beyond basic patching. By implementing a segregated management plane, auditing device configurations, utilizing firewall governance services, blocking known malicious IPs, and leveraging filtered DNS solutions, businesses can drastically reduce their risk profile.

Relying solely on updates is insufficient for today’s security demands. To ensure business survival and reduce exposure, adopting these mitigations is essential for a robust security posture that anticipates and thwarts would-be attackers.

---