Secure your Fortinet appliances across large-scale on-premises, cloud, and hybrid networks


If there’s one thing we love to see, it’s people using NodeZero to evaluate their hybrid cloud at scale, especially when checking out for a patch.

While unannounced zero-day vulnerabilities garner quite a bit of fear and attention, one of the biggest risks introduced to business operations are newly announced vulnerabilities, or N-days. When an easily exploitable vulnerability surfaces for a ubiquitous product, we’re all in a race to:

  1. Find all assets (especially public ones) that are vulnerable
  2. Repair (repair or mitigate) as quickly and safely as possible
  3. Verify that the implemented remediation action actually works when under attack

For example, over the past week, cybersecurity practitioners have been scrambling to patch their Fortinet appliances with the latest CVE-2022-40684. In case you missed it, here’s a recap to catch up:

A quick search online reveals several articles describing the vulnerability and its ongoing massive exploitation. When an easily exploitable vulnerability surfaces for such a ubiquitous product, we are all in a race condition to fix it while attackers attempt to exploit it.

In the image below, you’ll see part of an administrator’s NodeZero operations summary screen, where several of our customers and new free trial users quickly check their security status.

Some wanted to focus on specific known hosts running the vulnerable operating system, while others wanted to search, repair and verify “at scale” across their entire enterprise product network. That’s how our users find that device that was no longer supposed to be publicly available, where that host set up by marketing that was supposed to have been decommissioned years ago, or where those third-party authentications that your developers have used while your product was on stage has not been promoted in production. This is how we all check that our weekend fixes are working.

For example, here’s how one customer used NodeZero:

They used NodeZero to find and verify that their Fortinet appliance was vulnerable, accessible, and exploitable from the chosen vantage point or launch point. They didn’t need to install an agent, create a script, and load credentials. They just used our simple course of action map, specified a scope, and ran a pentest.

Their first test came back confirming that their device was workable.

This is the path of attack that NodeZero has taken to compromise this host and this critical infrastructure.

You can see that NodeZero autonomously discovered the host, verified that the web service on port 80 was up, found the Fortigate SSL VPN application was running, and then ran our exploit, by taking advantage of the appliance OS browser header and looking for a specific server IP address as authoritative, told it to contact our interaction server, and once compromised l ‘host, NodeZero provides proof by showing the content of the admin user’s settings.

Now that they know it’s exploitable, what have they done? 17 minutes later they launched a second attack just to verify that was really the case. After confirmation, the next pentest we see is the next morning:

And now you can see the comparison, where the hosts are still accessible but no longer vulnerable or exploitable.

That’s how you win.

Bottom line: We’re making it easier for anyone to check if their appliances are accessible, vulnerable, and exploitable. Can your other tools do it quickly and at scale?

This article was written by Monti Knode, Director of Customer and Partner Success at

The post Secure Your Fortinet Appliances Across Large-Scale On-premises, Cloud, and Hybrid Networks appeared first on

*** This is a syndicated blog from’s Security Bloggers Network written by Monti Knode. Read the original post at:


Comments are closed.