Fortinet FortiOS vulnerabilities are being actively exploited

Malicious actors are exploiting the flaws to gain access to systems belonging to government and commercial entities

US agencies have warned of vulnerabilities in Fortinet's FortiOS that malicious actors are exploiting to gain access to systems belonging to government and commercial entities.

The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) released a statement detailing that they had observed Advanced Persistent Threat (APT) actors scanning devices for a number of vulnerabilities.

The agencies warned that it was likely the hackers were looking to gain access to multiple government, commercial and technology services networks.

“APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns,” stated the group.

The FBI and CISA explained that the APT actors are using multiple CVEs to exploit Fortinet FortiOS vulnerabilities - CVE 2018-13379, CVE-2020-12812, and CVE-2019-5591.

The first exploit, CVE 2018-13379, allows an attacker to download system files via special crafted HTTP resource requests. It has a CVSS score of 9.8 according to the National Vulnerability Database.

The second vulnerability is CVE-2020-12812 which may result in a user being able to log in successfully without being prompted for a second factor of authentication if they changed the case of their username. It also has a critical CVSS score of 9.8.

Related Resource

Security best practices for PostgreSQL

Securing data with PostgreSQL

Security best practices for PostgreSQL - whitepaper from EDBDownload now

The third vulnerability, CVE-2019-5591, allows unauthenticated attackers on the same FortiOS subnet to intercept sensitive information by impersonating the LDAP server. It has a high CVSS score of 7.5.

The agencies have also published a number of recommendations on the steps organisations should take to protect themselves. This includes immediately patching the three vulnerabilities, regularly back up data and password protect backup copies offline, require administrator credentials to install software and more.

In February, the CISA issued a warning that organisations using the Acellion File Transfer Appliance (FTA) were being targeted in attacks. Hackers had reportedly been exploiting the vulnerabilities to attack multiple federal and state government and private organisations. Attacks were also observed around the world, including in Australia, the UK and Singapore.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021