Fortinet delays patching zero-day allowing remote server takeover
2021-08-17 13:00

Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall until the end of August.

Threat actors have abused the CVE-2018-13379 Fortinet SSL VPN vulnerability to compromise Internet-exposed U.S. election support systems, with Fortinet warning customers to patch the flaw in August 2019, July 2020, November 2020, and again in April 2021.

In November, a threat actor shared a list of one-line CVE-2018-13379 exploits that could've been used to steal VPN credentials for approximately 50,000 Fortinet VPN servers, including government entities and banks.

In April, the FBI and CISA warned of state-sponsored hacking groups gaining access to Fortinet appliances by exploiting CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 FortiOS vulnerabilities.

One month later, the FBI issued a flash alert warning of state-sponsored attackers breaching a US municipal government server after compromising a Fortinet FortiGate firewall appliance.

In addition to directly communicating with researchers, our disclosure policy is clearly outlined on the Fortinet PSIRT Policy page, which includes asking incident submitters to maintain strict confidentiality until complete resolutions are available for customers.


News URL

https://www.bleepingcomputer.com/news/security/fortinet-delays-patching-zero-day-allowing-remote-server-takeover/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                        RISK
2020-08-14  CVE-2019-5591   Information Exposure vulnerability in Fortinet Fortios                     3.3
            A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
            low complexity | fortinet | CWE-200
2020-07-24  CVE-2020-12812  Improper Handling of Case Sensitivity vulnerability in Fortinet Fortios    9.8 (critical)
            An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
            network | low complexity | fortinet | CWE-178
2019-06-04  CVE-2018-13379  Path Traversal vulnerability in Fortinet Fortios                           5.0
            An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
            network | low complexity | fortinet | CWE-22
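The affected-version lists in the CVE-2018-13379 and CVE-2020-12812 entries above are the data a defender needs to triage an inventory of FortiOS devices. The following script is an example added here (not Fortinet or BleepingComputer code): it copies the FortiOS version ranges exactly as the two descriptions word them, parses version strings into numeric tuples so that 6.0.10 sorts after 6.0.9, and reports which of the two CVEs each device still needs patched for. The inventory of hostnames and versions is constructed sample data; FortiProxy ranges are not modelled.

```python
"""Triage FortiOS builds against the affected-version ranges quoted in the
advisory entries above.  Added example; the version ranges are copied from the
CVE descriptions on this page, the device inventory is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Turn 'major.minor.patch' into a tuple, so comparison is numeric:
    (6, 0, 10) > (6, 0, 9), whereas the strings would compare the other way."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


@dataclass(frozen=True)
class Range:
    low: Optional[Version]   # None means "no lower bound" ("x and below")
    high: Version            # inclusive upper bound

    def contains(self, v: Version) -> bool:
        return (self.low is None or self.low <= v) and v <= self.high


# Ranges as worded in the CVE descriptions above (inclusive on both ends).
AFFECTED: Dict[str, List[Range]] = {
    # CVE-2018-13379: FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, 5.4.6 to 5.4.12
    "CVE-2018-13379": [
        Range((6, 0, 0), (6, 0, 4)),
        Range((5, 6, 3), (5, 6, 7)),
        Range((5, 4, 6), (5, 4, 12)),
    ],
    # CVE-2020-12812: FortiOS 6.4.0, 6.2.0 to 6.2.3, "6.0.9 and below";
    # the last phrase is taken literally, so it has no lower bound here.
    "CVE-2020-12812": [
        Range((6, 4, 0), (6, 4, 0)),
        Range((6, 2, 0), (6, 2, 3)),
        Range(None, (6, 0, 9)),
    ],
}


def applicable_cves(version: str) -> List[str]:
    """CVE ids from AFFECTED whose ranges include the given FortiOS version."""
    v = parse_version(version)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(r.contains(v) for r in ranges))


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each hostname in the inventory to the CVEs it is still exposed to."""
    return {host: applicable_cves(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "fw-branch-01": "6.0.4",
    "fw-branch-02": "6.0.10",
    "fw-dc-01": "6.4.0",
    "fw-legacy": "5.4.12",
    "fw-new": "6.4.5",
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        status = "patch required: " + ", ".join(cves) if cves else "not in listed ranges"
        print(f"{host:14} {status}")
```

A device reported as "not in listed ranges" is only clear of the ranges these two descriptions name; confirm the installed build against the vendor advisory for each CVE before closing a finding, and feed the same inventory through again whenever the affected-version lists are revised.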
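The CVE-2020-12812 entry above describes a second-factor bypass that depends only on the case of the username. The weakness class it names, CWE-178, is easiest to see in code, so the following is an example added here of a toy two-step login with that shape: the credential check finds the account case-insensitively, but the weak variant then looks up the second-factor policy by the username exactly as typed, so a differently cased spelling falls through to "no token required". This is a hypothetical illustration of the weakness class, not FortiOS code; the user directory is constructed.

```python
"""CWE-178 in a two-step login: case-insensitive credential check, but a
case-sensitive second-factor policy lookup.  Added example with a
constructed directory; illustrates the weakness class, not FortiOS itself."""
import hmac
from typing import Optional, Tuple

# Constructed directory: username -> (password, second factor required?)
USERS = {
    "alice": ("correct horse", True),
    "bob": ("battery staple", False),
}


def find_account(username: str) -> Optional[Tuple[str, Tuple[str, bool]]]:
    """Directory lookups are commonly case-insensitive; return the canonical
    name together with its record so callers never need the raw input again."""
    for name, record in USERS.items():
        if name.lower() == username.lower():
            return name, record
    return None


def password_ok(stored: str, supplied: str) -> bool:
    # Constant-time comparison; irrelevant to the bug but the right habit.
    return hmac.compare_digest(stored.encode(), supplied.encode())


def login_weak(username: str, password: str, token_ok: bool) -> str:
    """Vulnerable pattern: policy keyed on the raw username."""
    acct = find_account(username)
    if acct is None:
        return "denied"
    _canonical, (stored_pw, _policy) = acct
    if not password_ok(stored_pw, password):
        return "denied"
    # BUG: 'Alice' is not a key in USERS, so the default (no second factor)
    # applies and the token check is skipped.
    needs_token = USERS.get(username, (None, False))[1]
    if needs_token and not token_ok:
        return "denied: second factor required"
    return "granted"


def login_fixed(username: str, password: str, token_ok: bool) -> str:
    """Hardened pattern: policy read from the same canonical record that the
    credential check matched, so input case cannot change the decision."""
    acct = find_account(username)
    if acct is None:
        return "denied"
    _canonical, (stored_pw, needs_token) = acct
    if not password_ok(stored_pw, password):
        return "denied"
    if needs_token and not token_ok:
        return "denied: second factor required"
    return "granted"


if __name__ == "__main__":
    for fn in (login_weak, login_fixed):
        print(fn.__name__, "alice:", fn("alice", "correct horse", False),
              "| Alice:", fn("Alice", "correct horse", False))
```

The fix is a design rule rather than a patch to one line: resolve the identity once, to a single canonical form, and derive every later decision (second-factor policy, group membership, authorization) from that resolved record. For detection, log the canonical account name alongside the raw login string; a successful login whose raw string differs in case from the canonical name, on an account that should require a token, is worth an alert while unpatched devices remain.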

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 164 56 387 164 77 684