CRITICAL: Fortinet VPN Vulnerability Actively Being Exploited
Situation
A Fortinet VPN vulnerability (CVE-2018-13379) has been seen actively being exploited to steal VPN credentials.
Problem
The vulnerability (CVE-2018-13379) is a path traversal flaw impacting a large number of unpatched Fortinet FortiOS SSL VPN devices. This vulnerability can allow unauthenticated remote attackers access to system files via specially crafted HTTP requests. An exploit has been posted by a hacker that lets an attacker access the sslvpn_websession files from Fortinet VPNs to steal login credentials.
Implication
If an unauthenticated remote attacker is able to exploit this vulnerability. The stolen credentials could then be used to compromise a network and/or deploy ransomware and other malware.
Need
Fortinet Strongly recommends upgrading all Fortinet VPN systems to the latest firmware releases. And validate that all SSL-VPN local users are expected, with correct email addresses assigned and perform password reset on all users that have been comprimised. Additional information can be found in the links below.
Fortinet security advisory:
https://www.fortinet.com/blog/psirt-blogs/atp-29-targets-ssl-vpn-flaws
Vulnerable Fortinet VPNs passwords exposed: