Security News > 2020 > November > Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs
A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices.
The vulnerability being referred to here is CVE-2018-13379, a path traversal flaw impacting a large number of unpatched Fortinet FortiOS SSL VPN devices.
The exploit posted by the hacker lets attackers access the sslvpn websession files from Fortinet VPNs to steal login credentials.
"The security of our customers is our first priority. In May 2019 Fortinet issued a PSIRT advisory regarding an SSL vulnerability that was resolved, and have also communicated directly with customers and again via corporate blog posts in August 2019 and July 2020 strongly recommending an upgrade," a Fortinet spokesperson told BleepingComputer.
"In the last week, we have communicated with all customers notifying them again of the vulnerability and steps to mitigate. While we cannot confirm that the attack vectors for this group took place via this vulnerability, we continue to urge customers to implement the upgrade and mitigations. To get more information, please visit our updated blog and immediately refer to the May 2019 [PSIRT] advisory," concluded Fortinet.
News URL
Related news
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware (source)
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
- Hackers exploit OttoKit WordPress plugin flaw to add admin accounts (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet Fortios and Fortiproxy An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | 9.8 |