US agencies have warned that advanced persistent threat (APT) groups are exploiting vulnerabilities in Fortinet FortiOS to compromise systems belonging to government and private-sector organizations.
Last week, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert (.PDF) warning that cyber attackers are actively scanning for systems that have not been patched to resolve three critical vulnerabilities.
Fortinet FortiOS, the operating system behind the Fortinet Security Fabric, is a solution designed to improve enterprise security, covering endpoints, cloud deployments, and centralized networks.
Authorities state that CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 are being abused. Each of these vulnerabilities is known and the vendor has issued patches, but Fortinet FortiOS builds remain at risk unless IT administrators apply the fixes.
CVE-2018-13379: Issued a CVSS severity score of 9.8, this path traversal vulnerability affects the FortiOS SSL VPN portal and could allow an unauthenticated attacker to download system files via a malicious HTTP request. FortiOS versions 5.4 (5.4.6 to 5.4.12), 5.6 (5.6.3 to 5.6.7), and 6.0 (6.0.0 to 6.0.4) are affected.
CVE-2020-12812: This improper authentication issue, also found in FortiOS SSL VPN, earned a CVSS score of 9.8 because users can log in without being asked for two-factor authentication if they change the case of their username. FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below contain this bug.
CVE-2019-5591: This vulnerability, with a CVSS score of 7.5, is a default configuration issue in FortiOS 6.2.0 that could allow an unauthenticated attacker on the same subnet to intercept sensitive data by impersonating an LDAP server.
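As a defensive illustration of CVE-2020-12812, the following added example (not from the article, the advisory, or Fortinet) scans authentication records for logins whose username differs only in letter case from a 2FA-enrolled account and that recorded no second factor. The CSV layout, account names, and log lines are constructed assumptions, not a FortiOS log format.

```python
import csv
import io

# Constructed sample: accounts enrolled for two-factor authentication,
# spelled exactly as configured (assumption for this example).
ENROLLED_2FA = {"alice", "bob.smith"}

# Constructed VPN authentication log in a hypothetical CSV layout
# (time, user, result, second_factor). Not a real FortiOS log format.
SAMPLE_LOG = """\
time,user,result,second_factor
2021-04-05T08:01:12Z,alice,success,token
2021-04-05T08:03:40Z,Alice,success,none
2021-04-05T08:05:02Z,carol,success,none
2021-04-05T08:09:55Z,BOB.SMITH,failure,none
2021-04-05T08:10:21Z,Bob.Smith,success,none
2021-04-05T08:12:00Z,bob.smith,success,token
"""


def find_case_variant_logins(log_text, enrolled):
    """Return (time, seen_name, configured_name, kind) for every login by a
    2FA-enrolled account under a different letter case with no second factor.
    kind is "bypass" for a successful login and "attempt" for a failed one."""
    by_folded = {name.casefold(): name for name in enrolled}
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"].strip()
        configured = by_folded.get(user.casefold())
        if configured is None:
            continue  # account is not enrolled for 2FA
        if user == configured:
            continue  # exact spelling: the normal 2FA path applies
        if row["second_factor"] != "none":
            continue  # a second factor was recorded despite the case change
        kind = "bypass" if row["result"] == "success" else "attempt"
        findings.append((row["time"], user, configured, kind))
    return findings


if __name__ == "__main__":
    for when, seen, configured, kind in find_case_variant_logins(SAMPLE_LOG, ENROLLED_2FA):
        print(f"{when} {kind}: '{seen}' without 2FA (configured as '{configured}')")
```

A "bypass" finding on a device running one of the affected versions listed above warrants a session review and credential reset for that account.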
According to the advisory, the APT actors are scanning with a particular focus on open and vulnerable systems belonging to government, technology, and commercial services.
“APT actors may use any or all of these CVEs to access networks across multiple critical infrastructure sectors and to access key networks as pre-deployment for subsequent data breaches or data encryption attacks,” the agencies said. “APT actors may use other CVEs or common exploit techniques (such as spear phishing) to access critical infrastructure networks and pre-deploy subsequent attacks.”
CVE-2018-13379 was resolved in May 2019, followed by CVE-2019-5591 in July of the same year. A patch for CVE-2020-12812 was published in July 2020.
“Customer security is our number one priority,” Fortinet said in a statement. “[…] If you haven’t done so already, we recommend that you implement the upgrade and mitigation immediately.”
FBI and CISA warn that Fortinet FortiOS vulnerabilities are being actively exploited