New Report on Possible Exploitation: Fortinet Vulnerabilities

 

At the end of last week, CISA (DHS) and the FBI issued a joint advisory on three Fortinet FortiOS vulnerabilities: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. The advisory stated that adversaries are probing potential victims for these vulnerabilities and may go on to exploit them (though it did not say they had been exploited in an attack). That said, two of the three were previously known to be exploited in the wild, while the third is more than 10 times more likely to be exploited than an average vulnerability. In this blog, we take a look at each in turn.


 

CVE-2018-13379 (path traversal vulnerability for FortiOS) was previously exploited last summer, when it was used by Russian hackers to steal COVID-19 vaccine research (see our earlier blog here). CYR3CON had predicted hacker use of this vulnerability prior to initial exploitation and continued to track updates concerning the vulnerability. It is noteworthy that new exploit variants became available in January of 2021. The CISA/FBI advisory indicated that hackers are scanning ports for this vulnerability.

CYR3CON information on CVE-2018-13379 (path traversal in FortiOS) 

 

CVE-2020-12812 (VPN authentication vulnerability, FortiOS) was also previously reported exploited in the summer. CYR3CON’s PrEval algorithm also predicted hacker interest in further exploitation. The CISA/FBI advisory indicates hackers are enumerating devices that likely have this vulnerability.

 

CYR3CON information on CVE-2020-12812 (VPN authentication in FortiOS) 

 

CVE-2019-5591 (authentication due to default configuration in FortiOS) is also being enumerated by threat actors according to the CISA/FBI advisory.  While the vulnerability has not been widely reported to be exploited in the wild, it is currently considered to be over 10 times more likely to be exploited than average. 

CYR3CON information on CVE-2019-5591 (authentication due to default configuration in FortiOS) 
