The immediate danger is that attackers exploiting these vulnerabilities can gain full control over affected firewalls, compromising the very systems designed to protect sensitive networks.
Even before patching, affected customers should immediately restrict access to the web management interface, preferably allowing only internal IPs.
The numbers reported by Shadowserver are very concerning, indicating that 7% of customers were compromised. With such a high ratio, it is essential not only to patch, but also to ensure that the device is free from any potential malware.
Users should check their audit logs for administrator activity to determine if a threat actor used the web interface for any malicious actions.
Collection
[
|
...
]