Fortinet FortiSandbox flaws exploited in active attacks

Security firms report active exploitation of two critical vulnerabilities in Fortinet's FortiSandbox appliance, defects the vendor disclosed in April. The flaws affect unspecified versions of the network security product, which is used for advanced threat detection.

Multiple organizations have observed targeted attacks leveraging these vulnerabilities, according to CyberScoop. Unlike a single coordinated campaign, the exploitation originates from several distinct sources, indicating broad awareness and weaponization of the flaws.

Technical details remain sparse, but the vulnerabilities carry a critical severity rating. Attackers are exploiting the defects to compromise FortiSandbox deployments, potentially gaining unauthorized access to sensitive network environments.

Fortinet has not yet released patches for the vulnerabilities, though the company typically issues updates on a monthly cycle. Until fixes are available, administrators are advised to restrict network access to the affected appliances and monitor for signs of compromise.

The rapid transition from disclosure to exploitation underscores the persistent risk facing widely deployed security appliances. Organizations running FortiSandbox should prioritize patching once updates become available and review logs for indicators of compromise.