The FBI has issued a warning of active exploitation of three known vulnerabilities in FortiOS

The FBI has issued a warning of active exploitation of three known vulnerabilities in FortiOS, the operating system used in Fortinet's network solutions, such as firewalls and VPN systems. These are CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.

According to the FBI, multiple Advanced Persistent Threat (APT) groups are exploiting the vulnerabilities to gain access to government and corporate networks and then steal data or launch ransomware attacks. Last month, the FBI saw these groups perform scans on ports 4443, 8443, and 10443 to find vulnerable Fortinet devices (PDF).

CVE-2018-13379 is a vulnerability in the FortiOS SSL VPN web portal. On a scale of 1 to 10, its impact has been rated 9.8. A path traversal allows an unauthenticated attacker to download FortiOS system files. In this way, an attacker can obtain the credentials of logged-in VPN users. Exploits for the vulnerability have been available for over a year. Fortinet released a security update for the vulnerability on May 24, 2019.

CVE-2019-5591 is a vulnerability in FortiOS that could allow an unauthenticated attacker on the same subnet to intercept sensitive information by posing as the LDAP server. The impact of this vulnerability has been rated 7.5. A security update has been available for this vulnerability since July 26, 2019.

Last July, Fortinet released a patch for the third vulnerability, CVE-2020-12812. This vulnerability allows an attacker to log in without supplying a second factor, even though two-factor authentication is enabled. The problem occurs when two-factor authentication is enabled in the "user local" setting and a remote authentication method is configured for this user. By changing the username, an attacker could then bypass two-factor authentication. This vulnerability has an impact score of 9.8.
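The configuration condition described for CVE-2020-12812 can be checked offline against a configuration backup. The following Python code is an added example, not part of the FBI warning or of Fortinet's material; it assumes the backup uses a `config user local` block with `set type` and `set two-factor` keys, and the sample configuration is constructed.

```python
import re

REMOTE_TYPES = {"ldap", "radius", "tacacs+"}  # assumed remote auth type values

# Constructed sample of a configuration backup (not taken from a real device).
SAMPLE_CONFIG = '''
config user local
    edit "alice"
        set type ldap
        set two-factor fortitoken
        set ldap-server "corp-ldap"
    next
    edit "bob"
        set type password
        set two-factor fortitoken
    next
    edit "dave"
        set type ldap
        set two-factor disable
    next
end
config user group
    edit "vpn-users"
        set member "alice" "bob"
    next
end
'''

def users_matching_condition(config_text):
    """Return local users that have two-factor enabled AND a remote auth type."""
    flagged, in_section, user, settings = [], False, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user local":
            in_section = True
        elif not in_section:
            continue  # ignore every other config section
        elif line == "end":
            in_section = False
        elif m := re.fullmatch(r'edit "?([^"]+)"?', line):
            user, settings = m.group(1), {}
        elif m := re.fullmatch(r"set (\S+) (.+)", line):
            settings[m.group(1)] = m.group(2).strip('"')
        elif line == "next" and user is not None:
            two_factor = settings.get("two-factor", "disable")
            if settings.get("type") in REMOTE_TYPES and two_factor != "disable":
                flagged.append((user, settings["type"], two_factor))
            user = None
    return flagged
```

Accounts returned by `users_matching_condition` are the ones to review first on any device that has not yet received the update.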

Since security updates for these vulnerabilities have been available for some time, the FBI recommends installing the patches right away. In addition, a series of general recommendations is given to improve the security of systems.
