"FBI: APTs Actively Exploiting Fortinet VPN Security Holes"

The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products.

Cyberattackers are scanning devices on ports 4443, 8443, and 10443, looking for unpatched Fortinet security implementations. Specifically, APTs are exploiting CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812.

In the alert, the FBI stated that APT actors are likely scanning for these vulnerabilities to gain access to multiple government, commercial and technology services networks. APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spear-phishing campaigns, website defacements, and disinformation campaigns.

The bug tracked as CVE-2018-13379 is a path-traversal issue in Fortinet FortiOS, where the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.

The CVE-2019-5591 flaw is a default configuration vulnerability in FortiOS that could allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

CVE-2020-12812 is an improper authentication vulnerability in SSL VPN in FortiOS, which could allow a user to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.
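One way to hunt for the CVE-2020-12812 pattern described above in VPN authentication records, as an added example that is not from Threatpost, the FBI alert or Fortinet. The record fields (`user`, `result`, `second_factor`, `src`), the user list and the sample events are constructed assumptions, not the FortiOS log format.

```python
"""Hunt for the username-case pattern behind CVE-2020-12812 (added example)."""

# Usernames exactly as configured for two-factor login (constructed values).
CONFIGURED_2FA_USERS = {"jsmith", "Alice.Admin"}

# Constructed sample records; field names are hypothetical, not FortiOS log fields.
SAMPLE_EVENTS = [
    {"user": "jsmith", "result": "success", "second_factor": True, "src": "198.51.100.7"},
    {"user": "JSmith", "result": "success", "second_factor": False, "src": "203.0.113.20"},
    {"user": "alice.admin", "result": "failure", "second_factor": False, "src": "203.0.113.20"},
    {"user": "bob", "result": "success", "second_factor": False, "src": "192.0.2.5"},
    {"user": "ALICE.ADMIN", "result": "success", "second_factor": False, "src": "203.0.113.21"},
]


def find_case_variant_logins(events, configured_users):
    """Return (severity, user, src) for logins matching a 2FA user only when case is ignored."""
    # Index configured names by their case-folded form so variants can be looked up.
    by_folded = {}
    for name in configured_users:
        by_folded.setdefault(name.casefold(), set()).add(name)

    findings = []
    for ev in events:
        exact_names = by_folded.get(ev["user"].casefold())
        if exact_names is None or ev["user"] in exact_names:
            continue  # not a 2FA user, or spelled exactly as configured
        # Case-variant name: a success with no second-factor prompt is the
        # behaviour described for CVE-2020-12812; anything else is worth a look.
        bypass = ev["result"] == "success" and not ev["second_factor"]
        findings.append(("high" if bypass else "review", ev["user"], ev["src"]))
    return findings


if __name__ == "__main__":
    for severity, user, src in find_case_variant_logins(SAMPLE_EVENTS, CONFIGURED_2FA_USERS):
        print(f"{severity:6} user={user!r} src={src}")
```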

 

Threatpost reports: "FBI: APTs Actively Exploiting Fortinet VPN Security Holes"

Submitted by Anonymous on