Fortinet Firewall API Flaw Hits Dark Web for $12,000
A threat actor is allegedly selling an exploit tool for a Fortinet firewall API flaw on a dark web marketplace, raising alarms across the cybersecurity sector. Priced at $12,000 and backed by escrow services, the tool reportedly targets over 170 unsecured FortiOS API endpoints, granting unauthorized access to sensitive data on vulnerable FortiGate firewall systems.
Leaked forum ads claim the exploit automates data extraction from FortiOS versions 7.2 and earlier, including 6.x releases. The tool uses multi-threading to scan multiple devices simultaneously and extract more than 150 configuration files per session. Attackers can retrieve firewall rules, VPN logs, admin credentials, and other critical configurations without authentication; only the device's IP address and an open API port are needed.
Security experts urge organizations using affected FortiOS versions to restrict API exposure and apply available patches. For further details, read the full report: "Threat Actor Allegedly Selling FortiGate API Exploit Tool Targeting FortiOS".
