Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
thnThe Hacker NewsTHN:8483C1B45A5D7BF5D501DE72F5898935
HistorySep 09, 2021 - 7:16 a.m.

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

2021-09-0907:16:00
The Hacker News
thehackernews.com
680

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices.

“These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor’s scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable,” the company said in a statement on Wednesday.

The disclosure comes after the threat actor leaked a list of Fortinet credentials for free on a new Russian-speaking forum called RAMP that launched in July 2021 as well as on Groove ransomware’s data leak site, with Advanced Intel noting that the “breach list contains raw access to the top companies” spanning across 74 countries, including India, Taiwan, Italy, France, and Israel. “2,959 out of 22,500 victims are U.S. entities,” the researchers said.

CVE-2018-13379 relates to a path traversal vulnerability in the FortiOS SSL VPN web portal, which allows unauthenticated attackers to read arbitrary system files, including the session file, which contains usernames and passwords stored in plaintext.

Although the bug was rectified in May 2019, the security weakness has been repeatedly exploited by multiple adversaries to deploy an array of malicious payloads on unpatched devices, prompting Fortinet to issue a series of advisories in August 2019, July 2020, April 2021, and again in June 2021, urging customers to upgrade affected appliances.

CVE-2018-13379 also emerged as one of the top most exploited flaws in 2020, according to a list compiled by intelligence agencies in Australia, the U.K., and the U.S. earlier this year.

In light of the leak, Fortinet is recommending companies to immediately disable all VPNs, upgrade the devices to FortiOS 5.4.13, 5.6.14, 6.0.11, or 6.2.8 and above followed by initiating an organization-wide password reset, warning that “you may remain vulnerable post-upgrade if your users’ credentials were previously compromised.”

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related

fortinet 2
prion 1
thn 21
threatpost 10
exploitpack 2
packetstorm 2
mmpc 4
zdt 2
checkpoint_advisories 1
nuclei 1
nessus 3
cisa_kev 1
kitploit 1
dsquare 1
mssecure 4
malwarebytes 4
cve 1
exploitdb 2
attackerkb 3
rapid7blog 3
hivepro 3
cisa 2
ics 11
securelist 1
qualysblog 6
talosblog 1
fortinet
fortinet
Protect
2019-05-24 00:00:00
FortiProxy - system file leak through SSL VPN special crafted HTTP resource requests
2021-06-01 00:00:00
prion
prion
Path traversal
2019-06-04 21:29:00
thn
thn
CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats
2023-12-18 05:41:00
Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware
2022-02-18 07:40:00
Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies
2022-06-03 09:19:00
threatpost
threatpost
Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks
2021-04-08 14:00:32
Thousands of Fortinet VPN Account Credentials Leaked
2021-09-09 22:49:27
Accenture Confirms LockBit Ransomware Attack
2021-08-11 21:56:00
exploitpack
exploitpack
FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
2019-08-19 00:00:00
FortiOS 5.6.3 - 5.6.7 FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
2019-08-19 00:00:00
packetstorm
packetstorm
FortiOS 5.6.7 / 6.0.4 Credential Disclosure
2019-08-19 00:00:00
FortiOS 5.6.7 / 6.0.4 Credential Disclosure
2019-08-19 00:00:00
mmpc
mmpc
Exposing POLONIUM activity and infrastructure targeting Israeli organizations
2022-06-02 16:00:00
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-16 16:00:08
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
2022-09-07 21:00:00
zdt
zdt
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2)
2019-08-19 00:00:00
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit
2019-08-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379)
2019-10-17 00:00:00
nuclei
nuclei
Fortinet FortiOS - Credentials Disclosure
2020-04-22 06:42:01
nessus
nessus
Fortinet FortiOS SSL VPN Directory Traversal Vulnerability (FG-IR-18-384) (Direct Check)
2019-09-06 00:00:00
Fortinet FortiOS (Mac OS X) 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384) (deprecated)
2019-06-14 00:00:00
Fortinet FortiOS 5.4.6 <= 5.4.12 / 5.6.3 < 5.6.8 / 6.0.x < 6.0.5 SSL VPN Directory Traversal (FG-IR-18-384)
2019-06-14 00:00:00
cisa_kev
cisa_kev
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
2021-11-03 00:00:00
kitploit
kitploit
Fortiscan - A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool
2020-11-30 11:30:00
dsquare
dsquare
Fortinet FortiGate SSL VPN File Disclosure
2019-08-17 00:00:00
mssecure
mssecure
Exposing POLONIUM activity and infrastructure targeting Israeli organizations
2022-06-02 16:00:00
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-16 16:00:08
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
2022-09-07 21:00:00
malwarebytes
malwarebytes
500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords
2021-09-09 15:37:43
Atomic research institute breached via VPN vulnerability
2021-06-21 13:53:03
Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities
2021-04-16 14:59:38
cve
cve
CVE-2018-13379
2019-06-04 21:29:00
exploitdb
exploitdb
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
2019-08-19 00:00:00
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
2019-08-19 00:00:00
attackerkb
attackerkb
CVE-2020-12812
2020-07-24 00:00:00
CVE-2018-13379 Path Traversal in Fortinet FortiOS
2019-06-04 00:00:00
CVE-2019-5591
2020-08-14 00:00:00
rapid7blog
rapid7blog
CVE-2022-40684: Remote Authentication Bypass Vulnerability in Fortinet Firewalls, Web Proxies
2022-10-07 16:24:42
Metasploit Wrap-Up
2021-03-05 17:20:43
Attackers Targeting Fortinet Devices and SAP Applications
2021-04-08 17:18:07
hivepro
hivepro
LockBit 2.0 Ransomware affiliates targeting Renowned Organizations
2022-03-15 10:07:18
Russian state-sponsored cyber actors targeting U.S. critical infrastructure
2022-02-18 12:20:35
Weekly Threat Digest: 14 – 20 March 2022
2022-03-23 04:17:40
cisa
cisa
FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities
2021-04-02 00:00:00
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
2021-04-15 00:00:00
ics
ics
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
2022-02-16 12:00:00
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
2021-11-19 12:00:00
#StopRansomware: Play Ransomware
2023-12-18 12:00:00
securelist
securelist
Cyberthreats to financial organizations in 2022
2021-11-23 10:00:13
qualysblog
qualysblog
Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities
2023-08-24 19:07:05
CISA Alert: Top 15 Routinely Exploited Vulnerabilities
2022-05-06 12:19:24
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach
2020-12-10 00:48:29
talosblog
talosblog
Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol
2023-10-11 11:48:18

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for THN:8483C1B45A5D7BF5D501DE72F5898935
fortinet2prion1thn21threatpost10exploitpack2packetstorm2mmpc4zdt2checkpoint_advisories1nuclei1nessus3cisa_kev1kitploit1dsquare1mssecure4malwarebytes4cve1exploitdb2attackerkb3rapid7blog3hivepro3cisa2ics11securelist1qualysblog6talosblog1