UPDATED 16:00 EDT / NOVEMBER 02 2022


Penetration tester Horizon3.ai identifies Fortinet exploit source, assists those checking for potential attacks

In early October, cybersecurity company Fortinet Inc. made headlines after a severe vulnerability was exposed in several of its products.

The zero-day flaw allowed potential remote attackers to access on-premises management controls on Fortinet’s core products FortiOS, FortiSwitchManager and FortiProxy, causing potentially catastrophic damage to affected users.

Penetration testing company Horizon3.ai Inc. was one of the key players in assisting potential victims, using its expertise to identify the source of the vulnerability by replicating it.

“We want to be able to have a tool that can be used to exploit our customer system safely to prove that they’re vulnerable, so then they can go and fix it,” said James Horseman, exploit developer at Horizon3.ai. “The earlier that we have these tools to exploit, the quicker our customers can patch and verify that they are no longer vulnerable. So that’s the drive for us to go after these breaking exploits.”

Horseman and Zach Hanley, chief attack engineer at Horizon3.ai, spoke with theCUBE industry analyst John Furrier during an exclusive CUBE Conversation broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how they discovered the vulnerability, how they helped those possibly affected, and how the vulnerability could have been used to launch attacks.

Identification through replication

Horizon3.ai first heard about the vulnerability on Twitter, immediately noticing it affected Fortinet’s key products. The team was able to replicate the exploit after running both the patched and unpatched versions of the product and highlighting the differences.

“Because we already had the exploit, what we did was we exploited our test Fortinet devices in our lab,” Hanley explained. “And we collected our own indicators of compromise and wrote those up. And then we released them … so that people would have a better indication to judge their environments if they’ve been already exploited in the wild by this issue.”

This specific vulnerability allows attackers to make any request they want on a remote system as if they were an administrator. The vulnerability was a natural consequence of an increasingly complex system and not an intentional channel of attack, according to Hanley. Cyber terrorists still seek out these unintentional vulnerabilities to conduct their attacks, especially vulnerabilities in edge devices.

“These edge devices are super important, and they’re going to get a lot of eyes from attackers trying to figure out different ways to get into the system,” Hanley said. “And as you saw, this was in the wild exploited, and that’s how Fortinet became aware of it. So, obviously, there are some attackers out there doing this right now.”
