FortiGate Admin-Hijack Operator Plants Hidden Backdoors and Steals Full Device Configuration
A skilled operator used CVE-2022-40684 to take over an internet-facing FortiGate through its REST API: six backdoor super-admin accounts, an SSH key for re-entry, the admin account hidden from the GUI, MFA disabled, and the full configuration stolen. No malware.
2026-06-09