CVE-2019-5591, meanwhile, is a security vulnerability in Fortinet VPN Gateway devices that can allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Fortinet, for its part, had issued a security patch for each of the said three security vulnerabilities.ĬVE-2020-12812 is a security vulnerability in Fortinet VPN devices that can allow threat actors to log in successfully without being prompted for the second factor of authentication if they changed the case of their username. In a joint advisory " APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks," the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) reported that in March 2021 they observed threat actors scanning the internet for Fortinet VPN Gateway devices that didn’t apply the security patches to security vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. The attackers may have identified the vulnerable device themselves by scanning IP addresses, the researchers said, alternatively, they may have bought a ready-made list containing IP addresses of vulnerable Fortinet VPN Gateway devices as an offer to buy a database of vulnerable Fortinet VPN Gateway devices appeared on a dark web forum in autumn of 2020. Researchers at Kaspersky Lab added that several days prior to the start of the main attack phase, the attackers performed test connections to the VPN Gateway. The session file contains valuable information, such as the username and plaintext password, the researchers said. In the report “ Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks,” researchers at Kaspersky Lab found that the group behind the ransomware called “Cring” gained access to victims’ networks by exploiting CVE-2018-13379 – a known security vulnerability in Fortinet FortiOS under SSL VPN web portal that allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.Īccording to researchers at Kaspersky Lab, CVE-2018-13379 vulnerability was used to extract the session file of the VPN Gateway. $MSI_Installer = "C:\Windows\system32\msiexec.Unpatched VPN Vulnerabilities: Attackers’ New Gateway to Gain Access to Victims’ NetworksĪ new report showed that ransomware attackers are using unpatched VPN vulnerabilities to gain access to victims’ networks.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |