[split from unrelated thread - mod]
OK so now there is a tweet out there telling Fortigate users to check their stuff because of FreePBX servers getting pwned due to Fortigate exploits. However, so far the only publicly reported issue of this (this one) wasn’t due to a Fortigate exploit since the firewall had a rule allowing access to the GUI. Last time I checked, putting a firewall rule in is not an exploit.
So in this thread we have one person saying “A few reported it to me” and in the tweet it’s “several” so can we quantify that? Is it more than 2 but less than 12? More than that? Has enough data been provided that shows this is a Fortigate exploit or is it cases like this one? They are using Fortigate but then they had a rule to allow access.
Since I can’t see how logically this can be a Fortigate exploit and only impact FreePBX systems, are there reports from Fortigate about any of these exploits? Firmware updates with a patch? Are there any suggested support steps users can take?
While it is totally possible others were pwned by Fortigate exploits, clearly the OP wasn’t because the firewall allowed the access and thus this particular instance is pointing more to exploits in Apache vs the firewall.