FBI and CISA Joint Advisory: APT Actors Actively Exploiting Flaws in Fortinet FortiOS
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint alert about advanced persistent threat (APT) actors scanning on ports 4443, 8443 and 10443 for known vulnerabilities in Fortinet FortiOS SSL VPNs. The threat actors could exploit the vulnerabilities “to gain access to multiple government, commercial, and technology services networks.” Users are urged to apply updates.
These are older vulnerabilities and are likely exploited by more than APT actors. Patching a remote access device while everybody is working from home has its risks. But if it is too risky to patch, it would be even worse if the device gets compromised. Patch!
The vulnerability tracked as CVE-2018-13379 was resolved in the May 2019 patch, and it also allows attackers to bypass 2FA. Make sure that your Fortinet devices are up to date to ensure that your 2FA implementation is not rendered ineffective. Review the IC3 guidance below for important mitigations. Beyond updating your devices and enabling multi-factor authentication, important steps include requiring administrative privileges to install software, using network segmentation, auditing the use of administrator accounts, and configuring systems with the principle of least privilege in mind.
Read more in:
SC Magazine: APTs targeting Fortinet, CISA and FBI warn
Gov Infosecurity: FBI and CISA: APT Groups Targeting Government Agencies