The FBI and CISA Issue Joint Security Advisory on Fortinet FortiGate Vulnerabilities
Advisory Summary
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory warning that threat actors are actively exploiting a set of known Fortinet FortiGate firewall vulnerabilities. These vulnerabilities allow an attacker to steal VPN user credentials and gain initial access to the protected network environment, from which they can conduct further attacks.
Two of the three vulnerabilities mentioned in the advisory have been public since 2019, and the third since 2020. That this alert is being issued now, in 2021, makes clear that many firewalls in the wild have still not been updated and remain vulnerable.
Vulnerabilities
Vulnerability 1
CVE | CVE-2018-13379
CVSS Score | 9.8/10 – Critical
Fortinet PSIRT | FG-IR-18-384
VPLS Summary | An attacker can steal SSL VPN user credentials on FortiGates with SSL VPN enabled, allowing them to gain access to the protected network environment.
Vulnerability 2
CVE | CVE-2019-5591
CVSS Score | 7.5/10 – High
Fortinet PSIRT | FG-IR-19-037
VPLS Summary | An attacker with local network access can perform a MITM attack to intercept FortiGate LDAP connections and obtain sensitive user authentication information.
Vulnerability 3
CVE | CVE-2020-12812
CVSS Score | 9.8/10 – Critical
Fortinet PSIRT | FG-IR-19-283
VPLS Summary | An attacker can bypass 2FA requirements for VPN users by adjusting the case used when entering the username.
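A log review for the username-case condition in Vulnerability 3, as an added example that is not from the advisory or from Fortinet: it flags successful VPN logins whose username matches a 2FA-enrolled account only when case is ignored. The event fields, account names and sample records are constructed assumptions, not a FortiGate log format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnLogin:
    """One successful VPN login (hypothetical schema, not a FortiGate log format)."""
    timestamp: str
    username: str        # exactly as the client typed it
    second_factor: bool  # True if a 2FA challenge was completed


def find_case_variant_logins(enrolled_users, logins):
    """Flag logins that match a 2FA-enrolled account only when case is ignored.

    Returns (event, configured_name, verdict) tuples, where verdict is
    "bypass-suspected" if no second factor was recorded, else "review".
    """
    # Case-folded name -> spelling as configured on the firewall.
    configured = {name.casefold(): name for name in enrolled_users}
    findings = []
    for event in logins:
        expected = configured.get(event.username.casefold())
        if expected is None or event.username == expected:
            continue  # not enrolled in 2FA, or typed exactly as configured
        verdict = "review" if event.second_factor else "bypass-suspected"
        findings.append((event, expected, verdict))
    return findings


# Constructed sample data for illustration only.
ENROLLED_2FA_USERS = ["jsmith", "adoe"]
SAMPLE_LOGINS = [
    VpnLogin("2021-04-05T09:12:00Z", "jsmith", True),
    VpnLogin("2021-04-05T23:41:10Z", "JSmith", False),
    VpnLogin("2021-04-06T02:03:55Z", "ADOE", True),
    VpnLogin("2021-04-06T08:00:00Z", "contractor1", False),
]

if __name__ == "__main__":
    for event, expected, verdict in find_case_variant_logins(
            ENROLLED_2FA_USERS, SAMPLE_LOGINS):
        print(f"{event.timestamp} {verdict}: typed {event.username!r}, "
              f"configured as {expected!r}")
```

Feed it the list of accounts that are required to use 2FA and the successful VPN logins from your own log source; any "bypass-suspected" result warrants a credential reset and a session review for that account.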
VPLS's Recommendation
Each of these three vulnerabilities has its own conditions that must be met for your FortiGate to be vulnerable, as well as specific mitigation instructions, which are described in detail in the provided Fortinet PSIRT links. To summarize: for Vulnerability 1, mitigation is as simple as upgrading the firmware version. Vulnerabilities 2 and 3, however, require specific configuration changes to mitigate.
Please reach out to us if you would like more information on this advisory. We are happy to provide a free consultation to evaluate if any of the three vulnerabilities apply to your environment and discuss with you what mitigation steps are required.