In May 2019 Fortinet issued a PSIRT advisory regarding an SSL vulnerability that was resolved, and have also communicated directly with customers and again via corporate blog posts in August 2019 and July 2020 strongly recommending an upgrade," a Fortinet spokesperson told BleepingComputer. "The security of our customers is our first priority.
Fortinet vpn client associate domain name Patch#
Network administrators and security professionals are therefore encouraged to patch this severe vulnerability immediately.įortinet has issued a statement with regards to this vulnerability: Unfortunately, companies have a very slow patching process or an uncontrolled perimeter of exposure on the internet, and for this reason, attackers are able to exploit these flaws to compromise companies in all sectors with relative simplicity."Īs reported by BleepingComputer last month, the same flaw was leveraged by attackers to break into US government elections support systems. Attackers already use it for a long time. "This is an old, well known and easily exploited vulnerability. The analyst further told BleepingComputer, although this is an old bug that is trivial to exploit, organizations have "a very slow" patching process, enabling attackers to continue exploiting well-known bugs: The analyst then refined the obtained results to identify domain names associated with organizations of interest and notable banks. "To better find out which companies were impacted, I launched an nslookup on all the IPs on the list and for many of them, I found the associated domain."
Govt domains and leading bank websites remain vulnerable to CVE-2018-13379īank Security told BleepingComputer after he saw the forum post, he started analyzing the list of IPs to identify what all organizations were impacted. This week, threat intelligence analyst Bank_Security found a hacker forum thread where a threat actor shared a large 49,577 device list of such exploitable targets.
These stolen credentials could then be used to compromise a network and deploy ransomware.Īlthough the 2018 bug was publicly disclosed over a year ago, researchers have spotted around 50,000 targets that can still be targeted by attackers. The exploit posted by the hacker lets attackers access the sslvpn_websession files from Fortinet VPNs to steal login credentials. The vulnerability being referred to here is CVE-2018-13379, a path traversal flaw impacting a large number of unpatched Fortinet FortiOS SSL VPN devices.īy exploiting this vulnerability, unauthenticated remote attackers can access system files via specially crafted HTTP requests. Present on the list of vulnerable targets are domains belonging to high street banks and government organizations from around the world. A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices.