Security News > 2020 > October > Zerologon Chained With Fortinet, MobileIron Vulnerabilities in U.S. Government Attacks

The U.S. Cybersecurity and Infrastructure Security Agency has warned that government networks have been targeted in attacks exploiting the Zerologon vulnerability in combination with flaws affecting Fortinet and MobileIron products.

"This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," CISA said in an advisory written with contributions from the FBI. It added, "CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised."

According to CISA, the attacks, which appear to be ongoing, have in many cases involved exploitation of CVE-2018-13379, a Fortinet FortiOS VPN vulnerability, and in some cases CVE-2020-15505, a recently detailed issue affecting MobileIron's mobile device management solutions.

While the attacks spotted by US agencies involved the Fortinet and MobileIron vulnerabilities, organizations have been warned that attackers could also leverage flaws in Citrix, Pulse Secure, Palo Alto Networks and F5 Networks products for the same purpose.

CISA issued its first warning about Zerologon being exploited in attacks in late September, shortly after it issued an emergency directive instructing federal agencies to immediately install the patches.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/tTLb1RtSaxg/zerologon-chained-fortinet-mobileiron-vulnerabilities-us-government-attacks