Security News > 2021 > April > FBI: APTs Actively Exploiting Fortinet VPN Security Holes

UPDATE. The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company's SSL VPN products.

The bug tracked as CVE-2018-13379 is a path-traversal issue in Fortinet FortiOS, where the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

"These three vulnerabilities targeting the Fortinet VPN allow an attacker to obtain valid credentials, bypass multifactor authentication, and man-in-the-middle authentication traffic to intercept credentials."

"CVE-2018-13379 is a critical vulnerability in the Fortinet FortiOS SSL VPN that has been favored by cybercriminals since exploit details became public in August 2019," Satnam Narang, staff research engineer at Tenable, said via email.

In October an alert went out that APTs were using flaws in outdated VPN technologies from Fortinet, Palo Alto Networks and Pulse Secure to carry out cyberattacks on targets in the United States and overseas.

"Over the last few years, SSL VPN vulnerabilities have been an attractive target for APT groups and cybercriminals alike. With the shift to remote work and the increased demand for SSL VPNs like Fortinet and others, the attack surface and available targets have expanded. Organizations should take this advisory seriously and prioritize patching their Fortinet devices immediately if they haven't done so already."

News URL

https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/