Fortinet FortiOS Vulnerabilities Under Active Exploitation
Summary
A warning has been released by US security agencies to raise awareness of threat groups exploiting known vulnerabilities in unpatched Fortinet FortiOS installations.
Affected platforms
The following platforms are known to be affected:
Fortinet FortiOS Versions: all prior to 6.4.1 / 6.2.4 / 6.0.10
Threat details
Introduction
The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint warning about Advanced Persistent Threat (APT) actors scanning for known vulnerabilities in internet-facing Fortinet devices. It is considered likely that APT actors are exploiting these vulnerabilities to gain initial access to networks.
Vulnerabilities
The vulnerabilities being targeted have previously been addressed in security updates released by Fortinet. A remote attacker can exploit the vulnerabilities to download system files, intercept sensitive data and bypass multi-factor authentication.
More information on the vulnerabilities can be found in the following Fortinet Security Advisories:
Remediation advice
Administrators should ensure that security updates have been applied to all Fortinet devices running FortiOS. The server-identity-check option should also be tested and enabled, because for compatibility reasons it is not automatically applied when FortiOS is upgraded.
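The two checks above can be scripted across a fleet. The following is an added example, not part of the original advisory or any Fortinet tooling: it flags versions older than the fixed releases listed under "Affected platforms" and lists LDAP server entries where server-identity-check is not enabled. It assumes the option is set per entry under `config user ldap` and that the configuration was exported with every option listed explicitly; the sample configuration is constructed.

```python
import re

# Fixed release per branch, from the "Affected platforms" line of the advisory.
FIXED = {(6, 0): 10, (6, 2): 4, (6, 4): 1}

def is_affected(version):
    """True if a FortiOS version such as '6.2.3' predates the fixed releases."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    # Unlisted branch: flag anything older than 6.4 (conservative), pass newer.
    return (major, minor) < (6, 4)

def ldap_missing_identity_check(config_text):
    """Names of 'config user ldap' entries without server-identity-check enabled."""
    missing, in_ldap, name, enabled = [], False, None, False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "config user ldap":
            in_ldap = True
        elif not in_ldap:
            continue  # ignore every other configuration section
        elif line.startswith("edit "):
            name, enabled = line[5:].strip('"'), False
        elif line == "set server-identity-check enable":
            enabled = True
        elif line == "next" and name is not None:
            if not enabled:
                missing.append(name)
            name = None
        elif line == "end":
            in_ldap = False
    return missing

# Constructed sample export (assumed layout, not taken from a real device).
SAMPLE = '''
config user ldap
    edit "corp-ldap"
        set server-identity-check enable
    next
    edit "branch-ldap"
        set server-identity-check disable
    next
end
'''
```

Entries returned by `ldap_missing_identity_check` are the ones to test and enable after upgrading; a device can be on a fixed version and still appear in that list.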
CVE Vulnerabilities
Last edited: 6 April 2021 8:23 pm