Threat Actor Details Exploits for Old Fortinet Vulnerability; Nearly 50,000 Potentially Vulnerable
NJCCIC Alert
Original Release Date: 11/25/2020
Summary
A threat actor has published a list of exploits for vulnerability CVE-2018-13379, a path traversal flaw that affects unpatched Fortinet FortiOS SSL VPN devices. Exploitation may allow threat actors to steal login credentials. Though this vulnerability is old, researchers assess that there are nearly 50,000 publicly exposed devices still unpatched. Additionally, researchers at Bank Security identified a list of IPs and plaintext credentials for 49,577 vulnerable devices published on a known threat actor forum. Approximately 40 of these domains belonged to banking institutions, large corporations, and government organizations. Fortinet issued a PSIRT advisory in May 2019 addressing the flaw and urges affected customers to upgrade immediately.
Recommendations
The NJCCIC urges Fortinet customers using affected devices to upgrade to the newest version after appropriate testing. Fortinet provides recommendations in their blog post and additional details can be found in the Bleeping Computer article.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.