Enterprise networks compromised through the exploitation of a recently patched Fortinet vulnerability, tracked as CVE-2022-30684, are having their access sold by initial access brokers over the web, according to SecurityWeek.
Vulnerable FortiOS, FortiSwitchManager, and FortiProxy instances have been targeted by threat actors with the flaw since Oct. 17 and numerous unauthorized Fortinet VPN access points are being distributed by a threat actor in a Russian cybercrime forum, a report from Cyble revealed.
"While analyzing the access, it was found that the attacker was attempting to add their own public key to the admin users account. As per intelligence gathered from sources, the victim organizations were using outdated FortiOS. Hence, with high confidence, we conclude that the threat actor behind this sale exploited CVE-2022-40684," said Cyble.
The report comes after Fortinet reported about the growing number of attacks exploiting the flaw, as well as the emergence of a public proof-of-concept code.