Patch FortiOS SSL VPN Vulnerability (CVE-2018-13379) Immediately

Recently a threat actor (attacker) shared a list of IP addresses related to the exploit of over 49,000 Fortinet VPN devices that are vulnerable toCVE-2018-13379 ^[1]. The exploitation could allow the attacker to steal VPN credentials by downloading the FortiOS system files ^[2]. Authorities around the world are aware of the exploitation of this vulnerability as it could compromise the VPN network of organisations which are using VPN devices of this brand ^[3].

As there were around 1,000 IP addresses on the list coming from Hong Kong, HKCERT has already notified 40 corresponding local network providers and organisations to take appropriate remedial actions promptly.

Below are the versions of the products being affected by this vulnerability if their web-mode or tunnel-mode SSL VPN service has been enabled:

• FortiOS 6.0 – versions 6.0.0 to 6.0.4
• FortiOS 5.6 – versions 5.6.3 to 5.6.7
• FortiOS 5.4 – versions 5.4.6 to 5.4.12 

The Fortinet PSIRT Advisory FG-IR-18-384 ^[4][5] has provided information to address this vulnerability. Security fixes are available for different versions of software. Users are recommended to upgrade to the corresponding version with the fix ASAP.

Reference Links:

[1] https://twitter.com/Bank_Security/status/1329426020647243778 

[2] https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/ 

[3] https://us-cert.cisa.gov/ncas/current-activity/2020/11/27/fortinet-fortios-system-file-leak 

[4] https://www.fortiguard.com/psirt/FG-IR-18-384 

[5] /my_url/en/alert/19100802