Recently a threat actor (attacker) shared a list of IP addresses related to the exploitation of over 49,000 Fortinet VPN devices that are vulnerable to CVE-2018-13379. Exploitation could allow the attacker to steal VPN credentials by downloading FortiOS system files. Authorities around the world are aware of the exploitation of this vulnerability, as it could compromise the VPN networks of organisations that use VPN devices of this brand.
As there were around 1,000 IP addresses on the list coming from Hong Kong, HKCERT has already notified 40 corresponding local network providers and organisations to take appropriate remedial actions promptly.
The following product versions are affected by this vulnerability if their web-mode or tunnel-mode SSL VPN service is enabled:
- FortiOS 6.0 – versions 6.0.0 to 6.0.4
- FortiOS 5.6 – versions 5.6.3 to 5.6.7
- FortiOS 5.4 – versions 5.4.6 to 5.4.12
The Fortinet PSIRT Advisory FG-IR-18-384 provides information on addressing this vulnerability. Security fixes are available for the different software versions. Users are recommended to upgrade to the corresponding fixed version as soon as possible.
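To triage an inventory against the version ranges listed above, the following added example (not part of the original advisory or Fortinet's tooling) flags devices that run a listed version with SSL VPN enabled. The inventory format, host names, build strings and status labels are assumptions constructed for illustration.

```python
import re

# Affected ranges exactly as listed in the text above (inclusive bounds).
AFFECTED = {
    (6, 0): ((6, 0, 0), (6, 0, 4)),
    (5, 6): ((5, 6, 3), (5, 6, 7)),
    (5, 4): ((5, 4, 6), (5, 4, 12)),
}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract (major, minor, patch) as integers from e.g. 'v6.0.4,build0000'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def in_affected_range(version):
    # Integer tuples compare numerically, so 5.4.12 sorts after 5.4.6
    # (a plain string comparison would get this wrong).
    bounds = AFFECTED.get(version[:2])
    return bounds is not None and bounds[0] <= version <= bounds[1]

def triage(inventory):
    """Map (host, version_text, sslvpn_enabled) rows to (host, status) pairs."""
    results = []
    for host, version_text, sslvpn_enabled in inventory:
        try:
            version = parse_version(version_text)
        except ValueError:
            results.append((host, "unknown-version"))  # needs manual review
            continue
        if not in_affected_range(version):
            status = "not-listed"  # outside the ranges above, not proof of safety
        elif sslvpn_enabled:
            status = "patch-now"
        else:
            status = "affected-version-vpn-off"
        results.append((host, status))
    return results

# Constructed sample inventory (hypothetical hosts and build strings).
SAMPLE = [
    ("fw-01", "v6.0.4,build0000", True),
    ("fw-02", "v5.6.2,build0000", True),
    ("fw-03", "v5.4.12,build0000", False),
    ("fw-04", "v5.4.10", True),
    ("fw-05", "n/a", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```

Devices reported as `affected-version-vpn-off` still run a listed version and should be upgraded before SSL VPN is ever enabled on them.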