Fortinet Vulnerabilities Being Actively Exploited, Say FBI and CISA
Last week the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert to government and commercial entities warning that advanced persistent threat (APT) actors are targeting vulnerabilities in FortiOS to compromise their systems.
Fortinet’s FortiOS is the heart of the Fortinet Security Fabric solution designed to improve enterprise security, covering endpoints, cloud deployments, and centralized networks.
The agencies warned users that attackers are targeting three known vulnerabilities in FortiOS that have been published and known to exist for at least a year. The vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 are being exploited by the APT actors.
CVE-2018-13379 has a CVSS score of 9.8. It is a path traversal vulnerability in the FortiOS SSL VPN web portal that lets unauthenticated attackers download system files through crafted HTTP requests. Affected FortiOS releases are 5.4.6 to 5.4.12 (5.4 branch), 5.6.3 to 5.6.7 (5.6 branch), and 6.0.0 to 6.0.4 (6.0 branch). Fortinet released the fix for this vulnerability in May 2019.
CVE-2019-5591 has a CVSS score of 7.5. It is a default-configuration vulnerability that allows an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Fortinet released the fix for this vulnerability in July 2019.
CVE-2020-12812 has a CVSS score of 9.8. It is an improper authentication vulnerability in the SSL VPN that allows attackers to log in without being prompted for two-factor authentication (FortiToken) simply by changing the case of their username. FortiOS versions 6.4.0, 6.2.0 to 6.2.3, and 6.0.9 and below are affected. The fix was released in July 2020.
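As an added illustration (not Fortinet's or FortiOS code), here is a toy login flow modelling the bug class that the CVE-2020-12812 description above implies: the directory matches usernames case-insensitively, but the two-factor policy is keyed on the exact string the user submitted, so a change of case sidesteps the token prompt. The hardened variant canonicalizes once and keys every decision off that name. The user store, policy set and function names are all constructed for this example.

```python
"""Toy model of a case-sensitivity mismatch between credential lookup and
2FA policy lookup. Constructed example; not FortiOS logic."""
import hmac

# Constructed stores. Directory lookups are case-insensitive (as LDAP-backed
# deployments usually are); the 2FA policy is keyed by the exact admin-entered name.
USERS = {"alice": "correct-horse"}      # username -> password (toy, plaintext)
TWO_FACTOR_USERS = {"alice"}            # users who must present a FortiToken-style OTP


def find_user(username: str):
    """Directory lookup: returns the stored (canonical) username or None."""
    for stored in USERS:
        if stored.lower() == username.lower():
            return stored
    return None


def password_ok(stored: str, password: str) -> bool:
    return hmac.compare_digest(USERS[stored], password)


def login_vulnerable(username: str, password: str, token_ok: bool) -> bool:
    """Fail-open: 2FA is enforced only if the SUBMITTED string is in the policy set."""
    stored = find_user(username)
    if stored is None or not password_ok(stored, password):
        return False
    if username in TWO_FACTOR_USERS:    # BUG: submitted string, not canonical name
        return token_ok
    return True                          # no policy hit -> second factor silently skipped


def login_hardened(username: str, password: str, token_ok: bool) -> bool:
    """Canonicalize once; key the 2FA decision off the canonical name."""
    stored = find_user(username)
    if stored is None or not password_ok(stored, password):
        return False
    if stored in TWO_FACTOR_USERS:      # policy lookup uses the same name the directory matched
        return token_ok
    return True


def case_mismatch(username: str) -> bool:
    """Cheap audit signal: submitted name differs from canonical only by case."""
    stored = find_user(username)
    return stored is not None and stored != username
```

Logging `case_mismatch` hits alongside the login result gives a simple detection signal for this class of bypass attempt.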
APT actors are actively scanning for devices with these unpatched vulnerabilities in order to gain access to multiple government, commercial, and technology services networks.
Historically, APT actors have used these vulnerabilities to carry out distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns. The core problem is that once attackers are inside the network, it is hard to distinguish them from genuine users. Further, once they have gained access to networks across multiple critical infrastructure sectors, they may be pre-positioning for follow-on data exfiltration or data encryption attacks.
Given the severity of these flaws and the attack methods involved, agency officials again urge critical infrastructure entities to apply the Fortinet software updates to affected devices immediately. Doing so helps secure their networks, may help avert a crisis in the event of a compromise, and makes it more difficult for attackers to break into the network in the first place.