CISA Is Warning About the Vulnerable Fortinet VPN Passwords
The United States Cybersecurity and Infrastructure Security Agency (CISA) issued a warning concerning leaked passwords that could potentially affect Fortinet VPNs.
The US agency issued its formal warning in late November 2020, in response to known threat actors posting claims of password leaks on underground hacker forums.
CISA did not comment on whether the password leaks are genuine, but issued a warning to those running Fortinet's platform. The California-headquartered company has issued official guidance to its customers, and CISA reiterates it, highlighting the need for immediate updates that will address the vulnerability in question.
FortiOS has had this vulnerability for a while, and it is tracked as CVE-2018-13379. However, it has been addressed, and users simply need to apply the relevant updates.
The bad actor claiming to have access to the login credentials of Fortinet users was also basing the claim on the same vulnerability. The entity, using the handle 'pumpedupkicks', posted a list of nearly 50,000 IPs that were allegedly vulnerable to CVE-2018-13379 and also claimed to have plain-text credentials for those accounts.
Unless the affected users patch their VPNs to address the vulnerability, there is a very real danger of attacks using the leaked IPs and credentials.
The situation was escalated to the agency's attention because there was data showing threat actors stringing together multiple vulnerabilities, including the one mentioned above, to attack networks on US soil.
In the summer of 2020, Fortinet also disclosed that CVE-2018-13379 was exploited by APT29, an advanced persistent threat actor believed to originate from Russia, to steal information connected to the ongoing development of COVID-19 vaccines from institutions in the US, UK and Canada.