
FBI: Attackers Continue to Exploit Unpatched Fortinet Flaws

Bureau Says Attackers Targeted Server for a US Municipal Government

Advanced persistent threat groups are continuing to exploit unpatched flaws in Fortinet products, the FBI says in a flash alert. For example, an APT group recently appears to have exploited a FortiGate appliance to access a web server hosting the domain for a U.S. municipal government.


The group likely created an account with the username “elie” to further enable malicious activity on the network, according to the alert.

Earlier, the FBI issued a warning about three vulnerabilities in Fortinet's operating system, FortiOS (see: FBI and CISA: APT Groups Targeting Government Agencies).

The FBI says APT groups "are actively targeting a broad range of victims across multiple sectors, indicating the activity is focused on exploiting vulnerabilities rather than targeted at specific sectors."

The bureau urges users of vulnerable Fortinet products to immediately patch the flaws to prevent attacks.

Vulnerabilities

According to the FBI, the three FortiOS vulnerabilities that are still being exploited are:

  • CVE-2018-13379: An improper pathname vulnerability found in multiple versions of the Fortinet FortiOS SSL VPN web portal that can allow an unauthenticated attacker to download system files via specially crafted HTTP resource requests;
  • CVE-2020-12812: An improper authentication vulnerability in SSL VPN affecting multiple FortiOS versions that enables an attacker to successfully log in without authentication;
  • CVE-2019-5591: A default configuration vulnerability in FortiOS that allows an unauthenticated attacker to intercept sensitive information by impersonating servers.

Fortinet said earlier that all three vulnerabilities were resolved by the company between August 2019 and July 2020, and patches were issued.

Recommendations

The FBI offered risk mitigation steps for Fortinet users that, beyond patching, include:

  • Regularly back up data and password protect those backup copies.
  • Implement network segmentation and have an effective recovery plan to restore sensitive or proprietary data from a physically separate, segmented, secure location - such as a hard drive, a storage device or in the cloud.
  • Disable unused remote access or remote desktop protocol ports and monitor these tools.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
