Security researchers are warning of active exploitation of a suspected zero-day vulnerability in Fortinet’s FortiWeb Web Application Firewall (WAF). Unauthenticated, remote attackers are exploiting the flaw to create unauthorized administrator accounts on vulnerable, internet-facing devices.
Business Impact
The impact is critical. A WAF sits inline in front of your web applications and inspects every request and response that reaches them. An attacker who holds an administrator account on the WAF can disable or bypass its protections, read and modify traffic in transit (including credit card numbers and other PII), and use the appliance as a trusted foothold from which to attack the backend servers it fronts.
Why It Happened
The flaw (which has not yet been assigned a CVE) appears to be an authentication bypass in the FortiWeb management interface: an attacker who can reach that interface over the network can call its REST API to create new administrator accounts with full privileges without ever logging in.
Recommended Executive Action
Direct your network security team to immediately restrict all access to the FortiWeb management interface to a trusted, internal-only management network; it must not be reachable from the internet. Mandate an immediate audit of every FortiWeb device for new or unrecognized administrator accounts, and treat any such account as evidence of compromise to be investigated (what else was changed, when, and from where) rather than simply deleted. Prepare to apply Fortinet's patch as soon as it is released.
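The audit step above can be scripted. The following is an added example written for this page, not code from Fortinet or from the original post. It assumes the administrator list has been exported in the FortiOS-style `config system admin` block format (the sample configuration below is constructed for illustration, and the exact field names are assumptions to be adjusted to your device's output). It parses the block, flags any account that is not on your approved list, and also flags accounts with no trusted-host restriction, which is a weaker finding but worth reviewing during the same audit.

```python
import re

# Constructed sample in the style of a FortiOS/FortiWeb configuration export.
# The block layout and the "access-profile" / "trusthostN" field names are
# ASSUMED here for illustration; check them against your own export.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set access-profile "prof_admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
    edit "soc-readonly"
        set access-profile "prof_readonly"
    next
    edit "svc-backup"
        set access-profile "prof_admin"
    next
end
"""

# Approved administrator accounts, maintained by the security team (assumed list).
KNOWN_ADMINS = {"admin", "soc-readonly"}


def parse_admins(config_text):
    """Return {username: {setting: value}} for every entry under 'config system admin'."""
    admins = {}
    in_block = False
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_block = True
            continue
        if not in_block:
            continue
        if line == "end":
            break  # end of the admin block; ignore the rest of the export
        m = re.match(r'^edit\s+"([^"]*)"$', line)
        if m:
            current = m.group(1)
            admins[current] = {}
            continue
        if line == "next":
            current = None
            continue
        m = re.match(r'^set\s+(\S+)\s+(.*)$', line)
        if m and current is not None:
            admins[current][m.group(1)] = m.group(2).strip('"')
    return admins


def audit_admins(admins, known):
    """Return a list of (username, issue) findings.

    'unknown-account' : the account is not on the approved list (treat as a
                        possible indicator of compromise, not just a cleanup item)
    'no-trusthost'    : the account may log in from any source address
    """
    findings = []
    for name, settings in admins.items():
        if name not in known:
            findings.append((name, "unknown-account"))
        if not any(key.startswith("trusthost") for key in settings):
            findings.append((name, "no-trusthost"))
    return findings


if __name__ == "__main__":
    admins = parse_admins(SAMPLE_CONFIG)
    for name, issue in audit_admins(admins, KNOWN_ADMINS):
        profile = admins[name].get("access-profile", "?")
        print(f"{issue:16} {name:20} access-profile={profile}")
```

Run it against the real export from each device and feed every `unknown-account` finding straight into incident response: the account name, its creation time from the device logs, and the source address that created it are the starting points for scoping the intrusion.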
Hashtags: #Fortinet #FortiWeb #ZeroDay #Vulnerability #CyberSecurity #PatchNow #InfoSec #WAF
