Fortinet Vulnerabilities Being Actively Exploited
The FBI and US Cybersecurity and Infrastructure Security Agency issue joint alert: cyber attackers are actively scanning for Fortinet systems that have not been patched.
US agencies have warned that advanced persistent threat (APT) groups are exploiting Fortinet FortiOS vulnerabilities to compromise systems belonging to government and commercial entities. These vulnerabilities are known and patches have been issued, but unless IT administrators apply the fixes, Fortinet FortiOS builds remain open to compromise.
Fortinet FortiOS, an operating system underpinning Fortinet Security Fabric, is a solution designed to improve enterprise security, covering endpoints, cloud deployments, and centralized networks. The agencies say that three issues are being exploited (CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591) as detailed here:
CVE-2018-13379: Issued a CVSS severity score of 9.8, this path traversal vulnerability impacts the FortiOS SSL VPN portal and can permit unauthenticated attackers to download system files through malicious HTTP requests. FortiOS 5.4 (5.4.6 to 5.4.12), 5.6 (5.6.3 to 5.6.7), and 6.0 (6.0.0 to 6.0.4) are affected.
CVE-2020-12812: This improper authentication issue, also found in FortiOS SSL VPN, has earned a CVSS score of 9.8 because it permits users to log in without being prompted for second-factor authentication if they change the case of their username. FortiOS 6.4.0, 6.2.0 to 6.2.3, and 6.0.9 and below contain this bug.
CVE-2019-5591: With a CVSS score of 7.5, this vulnerability is a default configuration problem in FortiOS 6.2.0 and below that can allow unauthenticated attackers on the same subnet to intercept sensitive data by impersonating an LDAP server.
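For administrators who need to turn the three affected-version lists above into an inventory check, here is an added example (not code from the article, from Fortinet, or from the FBI/CISA advisory) that parses a FortiOS version string and reports which of the three CVEs the advisory lists it under. The version ranges are transcribed from the text above; reading "X and below" as every version number not greater than X, and treating a two-part version such as "5.4" as "5.4.0", are assumptions made here for the comparison, not statements from the page.

```python
"""Match FortiOS version strings against the affected ranges quoted above.

Ranges are transcribed from the article. Interpretation of "X and below" as
any version not greater than X is an assumption of this example.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (inclusive lower bound or None for "and below", inclusive upper bound)
AFFECTED: Dict[str, List[Tuple[Optional[str], str]]] = {
    "CVE-2018-13379": [("5.4.6", "5.4.12"), ("5.6.3", "5.6.7"), ("6.0.0", "6.0.4")],
    "CVE-2020-12812": [("6.4.0", "6.4.0"), ("6.2.0", "6.2.3"), (None, "6.0.9")],
    "CVE-2019-5591": [(None, "6.2.0")],
}


def parse_version(text: str) -> Version:
    """Turn '6.0.4' into (6, 0, 4). A short form like '5.4' becomes (5, 4, 0)
    so that it compares as the first release of that branch (assumption)."""
    parts = text.strip().lstrip("v").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def in_range(version: Version, lower: Optional[str], upper: str) -> bool:
    """Inclusive comparison on version tuples; lower=None means no floor."""
    if lower is not None and version < parse_version(lower):
        return False
    return version <= parse_version(upper)


def affected_cves(version_text: str) -> List[str]:
    """Return the CVE ids from the advisory whose affected ranges cover
    the given FortiOS version, in the order the article lists them."""
    version = parse_version(version_text)
    return [
        cve
        for cve, ranges in AFFECTED.items()
        if any(in_range(version, lo, hi) for lo, hi in ranges)
    ]


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each host to its matching CVEs; hosts with none are omitted,
    which makes the result a direct patch worklist."""
    result: Dict[str, List[str]] = {}
    for host, version in inventory.items():
        hits = affected_cves(version)
        if hits:
            result[host] = hits
    return result


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {
        "fw-branch-01": "5.6.5",
        "fw-dc-02": "6.0.5",
        "fw-dmz-03": "6.2.4",
        "fw-lab-04": "6.4.0",
    }
    for host, cves in triage(sample).items():
        print(f"{host}: {', '.join(cves)}")
```

Feeding the output of your own asset inventory into `triage` gives the list of devices still within an advisory range; a version that matches nothing is not proof of safety (later Fortinet advisories may widen the ranges), so treat the result as a minimum worklist.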
According to the advisory, APTs are scanning with a particular focus on open, vulnerable systems belonging to government, technology, and commercial services.
"The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks," the agencies say. "APT actors may use other CVEs or common exploitation techniques -- such as spear phishing -- to gain access to critical infrastructure networks to pre-position for follow-on attacks."
CVE-2018-13379 was resolved in May 2019, followed by CVE-2019-5591 in July of the same year. A patch was issued for CVE-2020-12812 in July 2020.
"The security of our customers is our first priority," Fortinet said in a statement. "If customers have not done so, we urge them to immediately implement the upgrade and mitigations."
Article was originally written by Charlie Osborne for Zero Day and published on ZDNet at www.zdnet.com/article/fbi-cisa-warn-of-active-exploit-of-fortinet-fortios-vulnerabilities