Fortinet Addresses Active FortiCloud SSO Bypass Exploits on Patched FortiGate Firewalls
Fortinet confirms ongoing exploitation of an authentication bypass flaw in fully patched FortiGate firewalls, urging immediate mitigation as a permanent fix is developed.
Fortinet Confirms Active Exploitation of FortiCloud SSO Bypass Vulnerability
Fortinet has acknowledged active exploitation of an authentication bypass vulnerability affecting FortiCloud Single Sign-On (SSO) on fully patched FortiGate firewalls. The company revealed that attacks have occurred within the past 24 hours, even on devices updated to the latest firmware versions, indicating a previously unknown or unpatched flaw.
Technical Details
While Fortinet has not yet released a CVE ID or full technical advisory, the vulnerability appears to enable attackers to bypass FortiCloud SSO authentication mechanisms. This could allow unauthorized access to firewall management interfaces or protected network resources without valid credentials. The company has confirmed that the issue affects FortiGate firewalls running recent firmware versions, suggesting a zero-day or incomplete patch scenario.
Impact Analysis
Successful exploitation of this flaw poses significant risks, including:
- Unauthorized administrative access to FortiGate firewalls
- Lateral movement within compromised networks
- Data exfiltration or deployment of additional malicious payloads
- Disruption of network security controls
Given the widespread deployment of FortiGate firewalls in enterprise and government environments, the vulnerability could have broad implications for organizations relying on Fortinet’s security infrastructure.
Recommendations for Security Teams
Fortinet is actively developing a permanent patch. In the interim, security teams are advised to:
- Monitor firewall logs for unusual authentication attempts or unauthorized access.
- Enable multi-factor authentication (MFA) where possible to reduce the risk of unauthorized access.
- Restrict administrative access to trusted IP ranges or internal networks.
- Review and strengthen network segmentation to limit potential lateral movement.
- Stay updated via Fortinet’s official security advisories for patch releases and mitigation guidance.
Fortinet has not disclosed the scale of the attacks or the identities of affected organizations. Further details, including a CVE assignment, are expected in the coming days as the investigation progresses.