According to an analyst at BleepingComputer, this particular exploit and other older exploits are still in play due to some organization’s slow patching process. Organizations are highly recommended to apply security patches as soon as they become available and to prioritize the patching of any system directly connected to the Internet with a publicly routable IP address, as well as any internal system that would allow an attacker to escalate their privileges to an administrator. Doing so will ensure that the latest security information from the program’s author is installed. If an organization is using Fortinet VPN, they should go to the website of Fortinet and download the patch immediately. It is also recommended, when looking for security patches, to only download them from the original company’s site—third party patches could potentially contain hidden malware or other nefarious code. After applying a patch, it is important to review the device’s log files to determine whether it was exploited before the patch was applied. If it was compromised or if the logs are insufficient to be sure, changing any passwords that might have been exposed is crucial to prevent attackers from returning later by using previously-stolen passwords.

Source Article: https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/