![]() ![]() ![]() We believe this vulnerability was most likely used by attackers to gain initial access in all recent cases investigated by ParaFlare, where an unpatched Fortinet device was involved.ĭuring these response engagements, while ParaFlare were able to assess the likelihood of the attacker utilising the exploits as disclosed by this blog post, the evidence has not been available to support these assumptions. Therefore, enabling the threat actor to access the SSL VPN with legitimate user credentials. The vulnerability assigned the reference CVE-2018-13379 allows an unauthenticated, remote actor to read sensitive files on the Fortinet device, including the usernames and plaintext passwords contained in the “sslvpn_websession” file. It is our assumption that the exploitation of CVE-2018-13379, an ‘Improper Limitation of a Pathname to a Restricted Directory (Path Traversal), was to blame. ![]() Over the past 12 months, ParaFlare’s Incident Response team has assisted with the response, containment and remediation of several large-scale ransomware cases that involved unpatched Fortinet FortiGate firewalls.Īs such, we have analysed several CVEs that have impacted Fortinet devices worldwide and have led to devastating attacks on networks from the perimeter device inwards. The exploitation of Fortinet FortiOS vulnerabilities has been very topical of late. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |