Security News > 2020 > October > Hackers used VPN flaws to access US govt elections support systems

Hackers used VPN flaws to access US govt elections support systems
2020-10-12 13:47

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw.

"Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," says a joint security advisory published by CISA and the FBI. Despite that, CISA added that it is "Aware of some instances where this activity resulted in unauthorized access to elections support systems."

To gain access to these systems, the attackers exploited Internet-exposed servers using the CVE-2018-13379 vulnerability in the Fortinet FortiOS Secure Socket Layer VPN or the CVE-2020-15505 flaw in the MobileIron Unified Endpoint Management for mobile devices to gain initial access.

"Actors have then been observed using legitimate remote access tools, such as VPN and Remote Desktop Protocol, to access the environment with the compromised credentials," CISA adds.

Even though the APT hackers have exploited the CVE-2018-13379 FortiOS SSL VPN web portal vulnerability to gain network access, CISA warns that they could use any other vulnerability to target unpatched and Internet-facing network edge devices in their attacks.


News URL

https://www.bleepingcomputer.com/news/security/hackers-used-vpn-flaws-to-access-us-govt-elections-support-systems/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-1472 Use of Insufficiently Random Values vulnerability in multiple products
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).
5.5
2020-07-07 CVE-2020-15505 Use of Incorrectly-Resolved Name or Reference vulnerability in Mobileiron products
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
mobileiron CWE-706
critical
9.8
2019-06-04 CVE-2018-13379 Path Traversal vulnerability in Fortinet Fortios and Fortiproxy
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
network
low complexity
fortinet CWE-22
critical
9.8