FBI & CISA Warning – FortiOS Vulnerabilities are Actively Exploited

APT’s exploit Fortinet FortiOS vulnerabilities to compromise systems belonging to government and commercial entities, warn US agencies. Threat actors are scanning for three high severity vulnerabilities that have not been patched.

CVE-2018-13379, CVE-2020-12812 and, CVE-2019-5591 are actively being exploited. Each of these vulnerabilities is public and the vendor issued patches, but unless IT administrators apply the fixes, Fortinet FortiOS builds remain open to compromise.

CVE-2018-13379 impacts FortiOS versions:

• 5.4 – 5.4.12
• 5.6 – 5.6.7
• 6.0 – 6.0.4

CVE-2020-12812 impacts FortiOS versions:

• 6.4.0
• 6.2.0 – 6.2.3
• 6.0.9 and below

CVE-2019-5591 impacts FortiOS versions:

• 6.2.0

The impact

The impact of these vulnerabilities are as follows:

• A path traversal vulnerability that allows an unauthenticated attacker to download system files through malicious HTTP requests
• Broken authentication where attackers only need to provide credentials without guessing the legitimate users second chosen authentication method
• An SSL issue that allows an attacker to intercept and decrypt sensitive messages in transit

The remediation

Each of these CVEs has an existing patch, and it is highly recommended that users running outdated versions of the FortiOS upgrade immediately.

Source: zdnet