APTs exploit Fortinet FortiOS vulnerabilities to compromise systems belonging to government and commercial entities, warn US agencies. Threat actors are scanning for systems where three high-severity vulnerabilities remain unpatched.
CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 are actively being exploited. Each of these vulnerabilities is public and the vendor has issued patches, but unless IT administrators apply the fixes, Fortinet FortiOS builds remain open to compromise.
CVE-2018-13379 impacts FortiOS versions:
- 5.4 – 5.4.12
- 5.6 – 5.6.7
- 6.0 – 6.0.4
CVE-2020-12812 impacts FortiOS versions:
- 6.4.0
- 6.2.0 – 6.2.3
- 6.0.9 and below
CVE-2019-5591 impacts FortiOS versions:
- 6.2.0
The impact
The impact of these vulnerabilities is as follows:
- A path traversal vulnerability that allows an unauthenticated attacker to download system files through malicious HTTP requests
- Broken authentication where attackers only need to provide credentials, without guessing the legitimate user's chosen second authentication method
- An SSL issue that allows an attacker to intercept and decrypt sensitive messages in transit
The remediation
Each of these CVEs has an existing patch, and it is highly recommended that users running outdated versions of FortiOS upgrade immediately.
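To find which devices still need the upgrade, the version ranges listed above can be checked against a device inventory. The following is an added example, not code from the vendor or the source article; the hostnames and versions are constructed, and it assumes "5.4" means 5.4.0 and "6.0.9 and below" means every release up to and including 6.0.9.

```python
import re

# Affected FortiOS ranges exactly as listed on this page: (low, high), inclusive.
# Assumptions: "5.4" means 5.4.0, and "6.0.9 and below" means every release
# up to and including 6.0.9 (the page gives no lower bound).
AFFECTED = {
    "CVE-2018-13379": [((5, 4, 0), (5, 4, 12)), ((5, 6, 0), (5, 6, 7)), ((6, 0, 0), (6, 0, 4))],
    "CVE-2020-12812": [((6, 4, 0), (6, 4, 0)), ((6, 2, 0), (6, 2, 3)), ((0, 0, 0), (6, 0, 9))],
    "CVE-2019-5591": [((6, 2, 0), (6, 2, 0))],
}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v6.0.4' or '6.2'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    # Compare as integers so that 6.0.10 sorts after 6.0.9.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def affected_cves(version_text):
    """Return the sorted CVE ids whose listed ranges contain this version."""
    v = parse_version(version_text)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v <= hi for lo, hi in ranges))

def triage(inventory):
    """Map each hostname to its applicable CVEs; unparseable versions map to None."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = affected_cves(version_text)
        except ValueError:
            report[host] = None  # needs manual review, do not assume it is safe
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-edge-01": "v6.0.4",
    "fw-branch-02": "6.2.0",
    "fw-dc-03": "6.4.5",
    "fw-lab-04": "unknown",
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE).items():
        status = "UNKNOWN VERSION" if cves is None else (", ".join(cves) or "not in listed ranges")
        print(f"{host}: {status}")
```

A device reported as "not in listed ranges" is only outside the ranges on this page; confirm against the vendor's advisories before treating it as unaffected.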
Source: ZDNet