Security News > 2021 > August > Fortinet patches bug letting attackers takeover servers remotely

Fortinet patches bug letting attackers takeover servers remotely
2021-08-17 13:00

Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall installations.

Financially motivated and state-sponsored threat actors have been heavily targeting unpatched Fortinet servers over the years.

They have abused the CVE-2018-13379 Fortinet SSL VPN vulnerability to compromise Internet-exposed U.S. election support systems, with Fortinet warning customers to patch the flaw in August 2019, July 2020, November 2020, and again in April 2021.

In November, a threat actor shared a list of one-line CVE-2018-13379 exploits that could've been used to steal VPN credentials for approximately 50,000 Fortinet VPN servers, including government entities and banks.

In April, the FBI and CISA warned of state-sponsored hacking groups gaining access to Fortinet appliances by exploiting CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 FortiOS vulnerabilities.

One month later, the FBI issued a flash alert warning of state-sponsored attackers breaching a US municipal government server after compromising a Fortinet FortiGate firewall appliance.


News URL

https://www.bleepingcomputer.com/news/security/fortinet-patches-bug-letting-attackers-takeover-servers-remotely/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-08-14 CVE-2019-5591 Information Exposure vulnerability in Fortinet Fortios
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
low complexity
fortinet CWE-200
3.3
2020-07-24 CVE-2020-12812 Improper Handling of Case Sensitivity vulnerability in Fortinet Fortios
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
network
low complexity
fortinet CWE-178
critical
9.8
2019-06-04 CVE-2018-13379 Path Traversal vulnerability in Fortinet Fortios
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
network
low complexity
fortinet CWE-22
5.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 164 56 387 164 77 684