There Are Still More Than 338,000 Unpatched FortiGate Firewalls
You might not personally own or work with a FortiGate firewall VPN device, but you can be sure that you interact with several while you are browsing the web. Unfortunately, there is also a good chance that they are currently vulnerable to a serious exploit, as well over a quarter million of the devices remain unpatched. This is bad news not just for your bank, content provider or online store, but also for you.
When you are using a VPN you like to think your packets are travelling through secure hardware, but sadly this bug is being exploited in the wild. It allows an attacker to trigger remote code execution on the device, which can be used to give them complete control over network traffic. This could allow you to be redirected to an imposter site without any sign of trouble, as the VPN connection itself will remain active and all will look good on your end.
The patch has been available for almost a month now, but unfortunately a large number of devices have yet to be patched. Hopefully the number of unpatched devices will fall quickly, but for now be extra careful out there.
Fortinet did not respond to The Register's inquiries about how many products remain unpatched.