
Warning: Critical vulnerability CVE-2018-13379 in Fortinet FortiOS SSL VPN

Reference: Advisory #2020-036
Version: 1
Affected software:
FortiOS 6.0 – 6.0.0 to 6.0.4
FortiOS 5.6 – 5.6.3 to 5.6.7
FortiOS 5.4 – 5.4.6 to 5.4.12
(only devices with the SSL VPN service enabled, in web mode or tunnel mode, are exposed)
Type: Path traversal leading to unauthenticated arbitrary file read
CVE/CVSS:

CVE-2018-13379: CVSS 9.8 (critical)

Sources

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

Risks

A remote, unauthenticated attacker can read arbitrary files from the device by sending crafted HTTP requests to the SSL VPN web portal, including system-critical files such as configuration files and password files. A single request is enough, so the flaw is easy to scan for at scale.

VPN endpoints sit at the boundary of the business network and hold valid user credentials; the compromise of even a single endpoint can lead to a takeover of the entire domain or network.
There are documented cases in which exploitation of this vulnerability was the initial access step of a ransomware attack.

Description

An attacker has published a list of almost 50,000 Fortinet SSL VPN devices vulnerable to CVE-2018-13379, from which VPN credentials can be stolen remotely without authentication.

Those credentials give an attacker a valid VPN login and, from there, a route to compromise the entire network; as noted above, this vulnerability has been reported as the initial access vector of ransomware attacks.

CVE-2018-13379 is a path traversal flaw in the SSL VPN web portal that affects a large number of unpatched Fortinet FortiOS devices.

An unauthenticated attacker can remotely read system files through specially crafted HTTP requests, including sensitive files such as configuration files and password files. Because the device's credential material is among the readable files, a device that was exposed to the internet while unpatched must be assumed to have had its VPN credentials disclosed, even after the update is applied.
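To turn the affected version ranges into a triage check, here is an added Python helper that is not part of this advisory or of Fortinet's tooling. It classifies a FortiOS version string (as reported by `get system status`, e.g. `v6.0.4,build0231`) against the ranges listed above and names the fixed build to move to (5.4.13, 5.6.8 and 6.0.5, taken from Fortinet PSIRT FG-IR-18-384; 6.2.0 and later were never affected). The device inventory it runs over is constructed sample data.

```python
"""Triage helper for CVE-2018-13379: is a FortiOS build in an affected range,
and which fixed build should it move to?

Added example, not part of the CERT.be advisory or of Fortinet's tooling.
Affected ranges: CERT.be advisory 2020-036. Fixed builds and the note that
only devices with the SSL VPN service enabled are exposed: FG-IR-18-384.
"""
import re

# (branch, first affected, last affected, first fixed build in that branch)
AFFECTED_RANGES = (
    ("6.0", (6, 0, 0), (6, 0, 4), "6.0.5"),
    ("5.6", (5, 6, 3), (5, 6, 7), "5.6.8"),
    ("5.4", (5, 4, 6), (5, 4, 12), "5.4.13"),
)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn 'v6.0.4,build0231,190107 (GA)' or '6.0.4' into (6, 0, 4).

    FortiOS prints the build number and date after the version; only
    major.minor.patch matters for the affected ranges.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised FortiOS version string: %r" % text)
    return tuple(int(x) for x in m.groups())


def assess(version_text, sslvpn_enabled=True):
    """Return (status, advice) for one device.

    status is one of:
      'vulnerable'   affected build with SSL VPN enabled
      'not-exposed'  affected build, SSL VPN disabled (patch before enabling)
      'patched'      build at or past the fixed build of its branch
      'not-listed'   branch or build outside the advisory's affected list
    """
    ver = parse_version(version_text)
    branch = "%d.%d" % ver[:2]
    for b, lo, hi, fixed in AFFECTED_RANGES:
        if b != branch:
            continue
        if lo <= ver <= hi:
            if not sslvpn_enabled:
                return ("not-exposed",
                        "affected build but SSL VPN is disabled; upgrade to "
                        "FortiOS %s or later before enabling it" % fixed)
            return ("vulnerable",
                    "upgrade to FortiOS %s or later, then reset SSL VPN "
                    "credentials and review the logs" % fixed)
        if ver > hi:
            return ("patched", "build is at or past FortiOS %s" % fixed)
        return ("not-listed",
                "build predates the affected range of branch %s; "
                "confirm with the vendor" % b)
    return ("not-listed",
            "branch %s is not in the advisory's affected list" % branch)


# Constructed inventory: hostname, version string, SSL VPN service enabled?
SAMPLE_INVENTORY = [
    ("fw-hq-1", "v6.0.4,build0231,190107 (GA)", True),
    ("fw-hq-2", "v6.0.5,build0268,190507 (GA)", True),
    ("fw-branch-1", "v5.6.7,build1653,181130 (GA)", False),
    ("fw-lab", "v6.2.0,build0866,190331 (GA)", True),
]

if __name__ == "__main__":
    for host, version, sslvpn in SAMPLE_INVENTORY:
        status, advice = assess(version, sslvpn)
        print("%-12s %-12s %s" % (host, status, advice))
```

Run it against an export of your device inventory; anything classified `vulnerable` should be patched first, and `not-exposed` devices still need the update before the SSL VPN service is ever turned on.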

Recommended Actions

CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions, after proper testing: FortiOS 5.4.13, 5.6.8 or 6.0.5 and later (see Fortinet PSIRT advisory FG-IR-18-384). Since the vulnerability discloses VPN credentials, patching alone does not end the exposure: reset the passwords of SSL VPN users and of any local administrator accounts after upgrading, and enable multi-factor authentication on the VPN where possible. As an extra precaution, check your logs for anomalies, in particular requests to the SSL VPN web portal that contain directory traversal sequences, and compare SSL VPN logins against the expected user base and source locations. If there is any indication that an attacker accessed sensitive files, treat your network as compromised and start your incident response procedure.
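One way to do the log check, as an added example that is not part of the advisory: the Python script below scans web access log lines for directory traversal sequences in requests to the SSL VPN portal (which FortiOS serves under `/remote/`), normalising single and double URL encoding and backslashes first so that encoded variants are not missed. The log lines are constructed in Common Log Format, as a reverse proxy, load balancer or packet-capture export in front of the device might produce them; FortiOS's own event logs use a key=value format and are not parsed here. The `/remote/fgt_lang` resource in the samples is the one named in public reports of exploitation, not something taken from this advisory.

```python
"""Flag path traversal attempts against a FortiOS SSL VPN portal in web
access logs, as the advisory's 'check your logs for anomalies' step.

Added example, not part of the CERT.be advisory. The log lines are
constructed in Common Log Format (reverse proxy / capture export style);
FortiOS event logs use a different key=value format and are not parsed here.
"""
import re
from urllib.parse import unquote

# Constructed sample. Lines 2 and 4 carry traversal sequences (plain and
# double-URL-encoded) against the SSL VPN portal under /remote/; line 6
# carries one against a non-portal path and must not be reported.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Nov/2020:10:01:02 +0100] "GET /remote/login HTTP/1.1" 200 1532
198.51.100.23 - - [20/Nov/2020:10:01:05 +0100] "GET /remote/fgt_lang?lang=/../../../../etc/passwd HTTP/1.1" 200 3178
203.0.113.7 - - [20/Nov/2020:10:02:11 +0100] "POST /remote/logincheck HTTP/1.1" 200 212
198.51.100.23 - - [20/Nov/2020:10:02:40 +0100] "GET /remote/fgt_lang?lang=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0
192.0.2.9 - - [20/Nov/2020:10:03:00 +0100] "GET /remote/fgt_lang?lang=en HTTP/1.1" 200 4410
192.0.2.44 - - [20/Nov/2020:10:03:30 +0100] "GET /static/..%2f..%2fetc/passwd HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A '..' path segment, delimited by slashes or the start/end of the string.
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")


def normalise(target):
    """Percent-decode until stable (at most 3 rounds) so that %2e%2e%2f and
    the double-encoded %252e%252e%252f both reduce to '../'; backslashes are
    folded to '/' so that ..\\ variants are caught as well."""
    decoded = target
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal_attempt(target):
    """True if the request path or any query parameter value contains a
    '..' segment after normalisation."""
    norm = normalise(target)
    path, _, query = norm.partition("?")
    candidates = [path] + [kv.partition("=")[2] for kv in query.split("&") if kv]
    return any(TRAVERSAL_RE.search(c) for c in candidates)


def find_traversal_attempts(log_text, portal_prefix="/remote/"):
    """Return one dict (ip, ts, target, status) per suspicious request.

    Only requests under the SSL VPN portal prefix are considered. A 200
    status on a traversal request is the strongest sign that a file was
    actually returned; a 404 still shows someone probing the device."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        target = m.group("target")
        if not normalise(target).startswith(portal_prefix):
            continue
        if is_traversal_attempt(target):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "target": target, "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print("%(ts)s %(ip)s status=%(status)d %(target)s" % hit)
```

Every source address reported here should be treated as an attacker, and every request that received a 200 should be treated as a successful file read: reset the credentials of all SSL VPN users who were logged in around that time, not just the ones whose sessions you can prove were in the file.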

References

https://www.fortiguard.com/psirt/FG-IR-18-384