Over 10,000 Fortinet firewalls remain exposed on the public internet, vulnerable to a critical two-factor authentication (2FA) bypass bug first reported in 2018. Despite patches being released years ago, a mix of legacy hardware, tactical patch management, poor visibility, and restrictive change policies has left many devices at risk. Attackers exploiting this flaw can bypass 2FA to access firewall management interfaces, posing serious threats to organisations’ networks. IT teams must urgently audit configurations, prioritise patching, and recognise that even robust controls like 2FA can be rendered ineffective by unpatched vulnerabilities. Maintaining outdated infrastructure is not defensible; prompt patching is essential to avoid preventable breaches and compromise.
Five-Year-Old Fortinet 2FA Bypass Vulnerabilities Linger in Thousands of Exposed Firewalls
