Tens of thousands of IPs vulnerable to Fortinet flaw dubbed ‘must patch’ by feds | CyberScoop<\/title> <meta name=\"description\" content=\"The Shadowserver Foundation put the figure at around 87,000 for a vulnerability rated as critical and first discovered in February.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ips-vulnerable-fortinet-flaw-must-patch\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds\"> <meta property=\"og:description\" content=\"The Shadowserver Foundation put the figure at around 87,000 for a vulnerability rated as critical and first discovered in February.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ips-vulnerable-fortinet-flaw-must-patch\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-10-14T16:22:58+00:00\"> <meta property=\"article:modified_time\" content=\"2024-10-14T16:22:59+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725466133g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1728669090g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82136\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82136\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fips-vulnerable-fortinet-flaw-must-patch%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fips-vulnerable-fortinet-flaw-must-patch%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82136 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ips-vulnerable-fortinet-flaw-must-patch\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.84375\">\n<div class=\"single-article__header-content\" readability=\"31.003831417625\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The Shadowserver Foundation put the figure at around 87,000 for a vulnerability rated as critical and first discovered in February. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> FrankyDeMeyer\/Getty Images <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"15.753221957041\"><body readability=\"34.96668761785\"><\/p>\n<p>Around 87,000 IPs are likely susceptible to a Fortinet vulnerability that the Cybersecurity and Infrastructure Security Agency put on its \u201cmust patch\u201d list last week because attackers are actively exploiting it, according to data from the nonprofit Shadowserver Foundation.<\/p>\n<p><a href=\"https:\/\/x.com\/Shadowserver\/status\/1845478432479846737\">The number<\/a> was at 87,930 on Saturday before dropping slightly to 86,602 on Sunday.<\/p>\n<p>CISA placed the critical <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">remote code execution vulnerability<\/a> on its <a href=\"https:\/\/cyberscoop.com\/cisa-kev-catalog-must-patch-list\/\">Known Exploited Vulnerability list,<\/a> sometimes dubbed the \u201cmust patch\u201d list because federal agencies are required to implement fixes and because the vulnerability has been seen being exploited in real scenarios rather than theoretical ones. For the Fortinet vulnerability, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-23113\">rated 9.8 on the vulnerability scale<\/a>, CISA on Wednesday gave agencies until Oct. 30.<\/p>\n<p>Fortinet released a fix for the flaw, which it discovered itself internally, back in February. But it noted that it \u201cshould be used as a mitigation and not as a complete workaround\u201d because it would \u201creduce the attack surface but it won\u2019t prevent the vulnerability from being exploited from this IP.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>According to the Shadowserver Foundation, the biggest number of likely vulnerable IPs as of Sunday were in Asia (37,778), followed by North America (21,262) and Europe (16,381).<\/p>\n<p>CISA said it was unknown if the vulnerability was being used in ransomware attacks.<br \/>In June, the Dutch Military Intelligence and Security Service <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-breached-20-000-fortigate-systems-worldwide\/\">warned that<\/a> a different Fortinet vulnerability had been exploited in a Chinese cyber espionage campaign that was \u201cmuch larger than previously known.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ips-vulnerable-fortinet-flaw-must-patch\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tens of thousands of IPs vulnerable to Fortinet flaw dubbed<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2809,1209,78,2833,452,1024,917,1766,2183,2879,2880,288],"tags":[2816,668,86,2836,454,1025,921,1771,2186,2881,2882,294],"class_list":["post-5759","post","type-post","status-publish","format-standard","hentry","category-asia","category-cisa","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency","category-cybersecurity-and-infrastructure-security-agency-cisa","category-europe","category-fortinet","category-known-exploited-vulnerabilities-kev","category-netherlands","category-remote-code-execution","category-shadowserver","category-threats","tag-asia","tag-cisa","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-europe","tag-fortinet","tag-known-exploited-vulnerabilities-kev","tag-netherlands","tag-remote-code-execution","tag-shadowserver","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/asia\/\" rel=\"category tag\">Asia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/europe\/\" rel=\"category tag\">Europe<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/netherlands\/\" rel=\"category tag\">Netherlands<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/remote-code-execution\/\" rel=\"category tag\">remote code execution<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/shadowserver\/\" rel=\"category tag\">Shadowserver<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5759"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5759\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5759,"date":"2024-10-14T11:22:58","date_gmt":"2024-10-14T16:22:58","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82136"},"modified":"2024-10-14T11:22:58","modified_gmt":"2024-10-14T16:22:58","slug":"tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/14\/tens-of-thousands-of-ips-vulnerable-to-fortinet-flaw-dubbed-must-patch-by-feds\/","title":{"rendered":"Tens of thousands of IPs vulnerable to Fortinet flaw dubbed \u2018must patch\u2019 by feds"},"content":{"rendered":"