“CVE-2018-13379 is a critical vulnerability in the Fortinet FortiOS SSL VPN that has been favored by cybercriminals since exploit details became public in August 2019,” Satnam Narang, staff research engineer at Tenable, said via email.
The bugs are popular with cyberattackers in general, due to Fortinet’s widespread footprint, researchers noted.
Hanley added, “The common theme here is: once they are successful, they will look just like your normal users.” “These three vulnerabilities targeting the Fortinet VPN allow an attacker to obtain valid credentials, bypass multifactor authentication (MFA), and man-in-the-middle (MITM) authentication traffic to intercept credentials.” “Attackers are increasingly targeting critical external applications – VPNs have been targeted even more this last year,” said Zach Hanley, senior red team engineer at Horizon3.AI, via email. The CVE-2019-5591 flaw is a default-configuration vulnerability in FortiOS that could allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.Īnd finally, CVE-2020-12812 is an improper-authentication vulnerability in SSL VPN in FortiOS, which could allow a user to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. The bug tracked as CVE-2018-13379 is a path-traversal issue in Fortinet FortiOS, where the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests. “APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns.”
“It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial and technology services networks,” according to the alert. The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products.Īccording to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 843, looking for unpatched Fortinet security implementations.
0 kommentar(er)
