[/vc_wp_text][vc_column_text]CloudSEK Threat Intel has detected a threat actor selling a list of systems on the Internet that are vulnerable to CVE-2018-13379 which is a Fortinet SSL VPN path traversal vulnerability.
The threat actor’s post enumerating the list of vulnerable targets
Fortinet SSL-VPN Vulnerability CVE-2018-13379
CVE-2018-13379 is a path traversal vulnerability in FortinetOS SSL VPN web portal which allows unauthenticated attackers to download FortiOS system files by means of specially crafted HTTP request. Vulnerability exists only if SSL VPN service (web mode/tunnel mode) is enabled.
The attacker can read any files (including system critical files like :config files/password files) from the server
Attackers can perform trial and error to search and read sensitive files on the target server.
Business Impact
Malicious actors can exploit this vulnerability and cause serious downtime resulting in significant financial loss.
Since VPN endpoints play a crucial role in business infrastructure, compromise of even a single endpoint may lead to take over of the entire domain or network.
Mitigation
Install vendor upgrades: Upgrade to FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 and above
Disable SSL VPN service (Work around): https://www.fortiguard.com/psirt/FG-IR-18-384