Fortinet FortiOS Vulnerabilities Under Active Exploitation

Summary

A warning has been released by US security agencies to raise awareness of threat groups exploiting known vulnerabilities in unpatched Fortinet FortiOS installations.


Affected platforms

The following platforms are known to be affected:

Fortinet FortiOS Versions: all prior to 6.4.1 / 6.2.4 / 6.0.10


Threat details

Introduction

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint warning about Advanced Persistent Threat (APT) actors scanning for known vulnerabilities in internet-facing Fortinet devices. It is considered likely that APT actors are exploiting these vulnerabilities to gain initial access to networks.


Vulnerabilities

The vulnerabilities being targeted have previously been addressed in security updates released by Fortinet. A remote attacker can exploit the vulnerabilities to download system files, intercept sensitive data and bypass multi-factor authentication.

More information on the vulnerabilities can be found in the following Fortinet Security Advisories:


Remediation advice

Administrators should ensure that security updates have been applied to all Fortinet devices running FortiOS. The server-identity-check option should be tested and enabled because, for compatibility reasons, it is not applied automatically when FortiOS is upgraded.
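
One way to triage a device inventory against the fixed releases listed under Affected platforms (an added example, not part of the original alert or any Fortinet tooling). It assumes a "hostname,version" inventory format and reads the version list as per-branch fixes (6.4.1 for 6.4, 6.2.4 for 6.2, 6.0.10 for 6.0 and anything older); the hostnames and versions in the sample are constructed.

```python
import re

# Fixed releases named in the alert, keyed by (major, minor) branch -> patch.
FIXED = {(6, 4): 1, (6, 2): 4, (6, 0): 10}

# Matches a "6.2.3" or "v6.2.3" token; the inventory layout is an assumption.
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def classify(version_text):
    """Return 'affected', 'not_affected' or 'review' for one version string."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "review"            # unparseable: never report as not affected
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in FIXED:
        return "affected" if patch < FIXED[branch] else "not_affected"
    if branch < min(FIXED):
        return "affected"          # older than 6.0: prior to every fixed release
    if branch > max(FIXED):
        return "not_affected"      # newer branch than any the alert lists
    return "review"                # branch between listed ones: check by hand


def triage(inventory):
    """Map hostname -> status for 'hostname,version' lines."""
    result = {}
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue               # skip blank lines and comments
        host, _, version = line.partition(",")
        result[host.strip()] = classify(version)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
# hostname,version
fw-edge-01,v6.2.3
fw-edge-02,v6.4.1
fw-branch-07,v5.6.11
fw-dc-01,v6.0.10
fw-lab-01,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {status}")
```

Devices reported as "review" have a version that could not be parsed or that sits on a branch the alert does not list, so they need a manual check rather than being assumed patched.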


Last edited: 6 April 2021 8:23 pm