The objective of this alert is to raise awareness about three vulnerabilities actively used by advanced threat actors to compromise systems.

The intent of this alert is to raise system administrator’s awareness about these vulnerabilities, allowing them to act accordingly.

If it is not already done, CERT.be recommends to system administrators to patch their vulnerable systems as soon as possible and analyze your system and network logs for any suspicious activity.

CVE-2018-13379 - An improper limitation of a pathname to a restricted directory (Path Traversal) in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.

CVE-2020-12812 - An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9, and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

CVE-2019-5591 - A default configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.

CERT.be recommends system administrators of Fortinet devices to upgrade FortiOS to the latest available version as soon as possible.

It’s also advised to perform a thorough analysis of your network and system logs or other available data for any scanning activity on ports 4443, 8443, and 10443 or any other suspicious activity.

FortiOS vulnerabilities:

• CVE-2018-13379 - https://www.fortiguard.com/psirt/FG-IR-18-384
• CVE-2020-12812 - https://www.fortiguard.com/psirt/FG-IR-19-283
• CVE-2019-5591 - https://www.fortiguard.com/psirt/FG-IR-19-037