The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open
2020-10-12 23:26

If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more.

"CISA is aware of multiple cases where the Fortinet FortiOS SSL VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks," explained Homeland Security's Cybersecurity and Infrastructure Security Agency in its advisory.

"To a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505. While these exploits have been observed recently, this activity is ongoing and still unfolding. After gaining initial access, the actors exploit CVE-2020-1472 to compromise all Active Directory identity services."

The agency said systems run by government organizations, great and small, have been targeted as well as private networks: "This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial government networks."

The advice today is to patch the above seven flaws (the fixes have been available for a long while), assume you've already been compromised and work from there, reset account credentials if ZeroLogon has been exploited, and more.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/12/cisa_fbi_warning/

Related Vulnerability

DATE       | CVE            | VULNERABILITY TITLE                                                              | RISK
2020-08-17 | CVE-2020-1472  | Use of Insufficiently Random Values vulnerability in multiple products            | 5.5
  An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).

2020-07-07 | CVE-2020-15505 | Use of Incorrectly-Resolved Name or Reference vulnerability in Mobileiron products | 9.8 (critical)
  A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
  Attack vector: network | Attack complexity: low | Vendor: mobileiron | CWE-706

2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet Fortios and Fortiproxy                   | 9.8 (critical)
  An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
  Attack vector: network | Attack complexity: low | Vendor: fortinet | CWE-22