A large list of almost 50,000 internet-reachable Fortinet FortiGate virtual private networking systems that contain an easily exploitable vulnerability has been published on the web and social media.
Attackers can exploit the the path traversal vulnerability to download FortiOS system files remotely with no authentication required, if the secure sockets layer (SSL) VPN service is enabled.
It is possible to obtain the credentials of logged in SSL VPN users this way, Fortinet warned.
The flaw was reported to Fortinet in December 2018, with Taiwanese researchers Meh Chang and Orange Tsai documenting it along with several other vulnerabilities.
Fortinet has issued patched versions of its FortiOS operating system which have been available since May last year.
iTnews was able to find the list of unpatched servers through a vulnerability indexing service.
It is also possible to find potentially vulnerable systems through Google searches, so-called dorking, which find the Fortinet SSL VPN login pages.
The list contains several internet protocol addresses which appear to be assigned to Australian registered domains.
