On Wednesday, BleepingComputer reported that it's been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer. The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices.
Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday.
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.
Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page," cybersecurity firm Rapid7 said in an advisory published Tuesday.
A command injection vulnerability exists in Fortinet's management interface for its FortiWeb web app firewall, according to infosec firm Rapid7. An authenticated attacker can use the vuln to execute commands as root on the Fortiweb device, Rapid7 said in a blog post.
The OS command-injection bug, in the web application firewall platform known as FortiWeb, will get a patch at the end of the month. An unpatched OS command-injection security vulnerability has been disclosed in Fortinet's web application firewall platform, known as FortiWeb.
Researchers have discovered a vulnerability in Fortinet's FortiWeb web application firewall, and while it has been classified as high severity, the actual risk of exploitation in the wild seems low. Tod Beardsley, director of research at Rapid7, told SecurityWeek that they have not seen any information from Fortinet regarding a patch, but they do expect the vulnerability to be fixed soon.
n unpatched vulnerability in the management interface for FortiWeb, Fortinet's web application firewall, could allow a remote, authenticated attacker to execute arbitrary commands on the system, Rapid7 researcher William Vu has discovered."It requires access to the web-based management console, which, as near as we can tell, is exceedingly rare. Of the million or so Fortinet devices that are findable on the open internet, we only see something like 100 to 300 devices that have their management consoles exposed," he told Help Net Security.
Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall until the end of August. They have abused the CVE-2018-13379 Fortinet SSL VPN vulnerability to compromise Internet-exposed U.S. election support systems, with Fortinet warning customers to patch the flaw in August 2019, July 2020, November 2020, and again in April 2021.
Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall installations. Financially motivated and state-sponsored threat actors have been heavily targeting unpatched Fortinet servers over the years.