The FBI has issued a second alert after threat actors leveraged multiple vulnerabilities in Fortinet’s FortiGate SSL VPN against a municipal government. Please find below a comment from Satnam Narang, Staff Research Engineer, Tenable.
“The Federal Bureau of Investigation (FBI) issued their second alert regarding multiple flaws in Fortinet’s FortiGate SSL VPN being exploited in the wild; the first was published over a month ago. However, multiple U.S. Government agencies, including the FBI, NSA and CISA, have published several alerts over the last few years highlighting the use of CVE-2018-13379, a critical flaw in the SSL VPN, by advanced persistent threat (APT) groups that was patched two years ago.
“The fact that we continue to see these legacy vulnerabilities being exploited in spite of these alerts is a cautionary tale that unpatched flaws remain a valuable tool for APT groups and cybercriminals in general. The risk is further heightened by the broad shift of the workforce over the past year. Unpatched vulnerabilities, not zero-days, are the biggest threat to most organizations today because they get attackers to their end goal in the fastest and cheapest way. It is imperative that both public sector and private organizations that use the FortiGate SSL VPN apply these patches immediately to prevent future compromise.” — Satnam Narang, Staff Research Engineer, Tenable.