A threat intel analyst reported having seen a hacker listing out one-line exploits for over 49,000 Fortinet FortiOS SSL VPN devices . And when decoded from the IP addresses mentioned, dozens of them are linked to popular banks, government organizations, and several companies. Exploiting Fortinet VPNs can leak their network login credentials.

Thousands of Vulnerable Fortinet Devices in Wild

One-Line Exploits For Nearly 50,000 Fortinet VPN Devices Exposed - 1 One-Line Exploits For Nearly 50,000 Fortinet VPN Devices Exposed - 2

A threat intelligence analyst named Bank_Security on Twitter has posted screenshots of a post where a hacker in a dark web forum has listed exploits for hijacking 49,577 vulnerable Fortinet FortiOS SSL VPN devices. With all the devices listed with their IP addresses, tracking them back showed intriguing results.

After a nslookup on all IPs, I found that among the victims there are some Banks, many .gov domains and thousands of companies around the world. https://t.co/F4o9xzjGJ4 — Bank Security (@Bank_Security) November 20, 2020