CVE-2018-13379: Access Information to 87,000 FortiGate SSL-VPN Devices Leaked
Home > Cyber News > CVE-2018-13379: Access Information to 87,000 FortiGate SSL-VPN Devices Leaked
CYBER NEWS

CVE-2018-13379: Access Information to 87,000 FortiGate SSL-VPN Devices Leaked

CVE-2018-13379: Access Information to 87,000 FortiGate SSL-VPN Devices Leaked
A threat actor has recently disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices, Fortinet has confirmed.




Unpatched CVE-2018-13379 in FortiGate SSL-VPN Devices Caused the Leak

According to the statement, the said credentials were taken from systems that remained unpatched against a specific vulnerability – CVE-2018-13379 – which was revealed in May 2019. Back then, the company issued an advisory and communicated directly with their customers, and has been encouraging them to upgrade the affected devices. However, as it turns out, many devices were left unpatched and hence, vulnerable to attacks and exploits.

Here’s the vulnerability’s official description:

An Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

Even though the devices may have since been patched, they remain exposed if their passwords weren’t reset, Fortinet warned.

Following this incident, the company is urging customers and organizations running any of the affected versions, to upgrade their devices and perform password reset as explain in their customer support bulletin. In other words, all affected parties should upgrade to FortiOS 5.4.13, 5.6.14, 6.0.11, or 6.2.8 and above. More information is available in Fortinet’s original alert.

In June 2021, Security researchers issued a warning that cybercriminals were leveraging an older SQL injection security flaw, known as CVE-2019-7481. The vulnerability is located in SonicWall Secure Remote Access (SRA) 4600 devices that run firmware versions 8.x and 9.x. The flaw was deployed in attacks against various organizations.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree