Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day www.theregister.com/2025/01/2…

Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit.

Data from the Shadowserver Foundation shows 48,457 Fortinet boxes are still publicly exposed and haven’t had the patch for CVE-2024-55591 applied, despite stark warnings issued over the past seven days.

Speaking to The Register about the issue last week, Arctic Wolf Labs' lead threat intelligence researcher Stefan Hostetler said exploits have been widespread, opportunistic, and date back to December.

He added that once they’ve pwned their target, attackers appear to be stealing credentials and using them to worm their way through the victim’s network with admin privileges. The rest of the details are still being gathered, but - needless to say - an intruder with admin access is not a welcome addition to the network.

“What we can say is that ransomware is not off the table,” Hostetler said, citing similar tactics used in the past by the likes of Akira and Fog.