Tech »  Topic »  CISA: APTs exploiting Fortinet FortiOS vulnerabilities

CISA: APTs exploiting Fortinet FortiOS vulnerabilities


Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA.

Advanced persistent threat actors may be exploiting multiple Fortinet FortiOS vulnerabilities, according to a joint cybersecurity advisory published Friday by the FBI and the Cybersecurity and Infrastructure Security Agency.

According to the advisory, the two agencies observed unnamed APT actors scanning devices for three different vulnerabilities that affected FortiOS, Fortinet's central security operating system. The vulnerabilities include CVE-2018-13379, a path traversal vulnerability (Common Vulnerability Scoring System base score of 9.8); CVE-2020-12812, an improper authentication vulnerability (CVSS base score of 9.8); and CVE-2019-5591, a default configuration vulnerability (CVSS base score of 7.5).

CVE-2020-12812, the most recent vulnerability, was patched in July 2020, and the other two were patched in mid-2019.

CVE-2018-13379 ...


Copyright of this story solely belongs to searchsecurity.techtarget.com . To see the full text click HERE