A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The breach list provides raw access to organizations in 74 countries, including the USA, India, Taiwan, Italy, France, and Israel, with almost 3,000 US entities affected.

According to Fortinet, the credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. Even if the devices have since been patched, they remain vulnerable if the passwords were not reset.

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).

The vulnerability in question is an improper limitation of a pathname to a restricted directory in several Fortinet FortiOS and FortiProxy versions. The vulnerable SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP requests. Apparently the FortiOS system files also contained login credentials.

In April, CVE-2018-13379 was mentioned in a joint advisory from the NSA, CISA, and the FBI as one of five vulnerabilities widely used in ongoing attacks by the Russian Foreign Intelligence Service (SVR). A patch for the vulnerability has been available since May 2019, but this patch has not been applied as widely as necessary.