Fortinet FortiOS Unlocked
Vulnerability Details
Next-Generation Firewall producer Fortinet is actively being exploited through vulnerabilities found in their firewall OS FortiOS. APTs have been found scanning the internet in search of FortiOS firewalls that do not have the latest patches applied. Without these patches, the vulnerabilities allow attackers too;
· Download system files through malicious HTTP requests
· Log in without being prompted for second-factor authentication
· Intercept sensitive data if on the same subnet as the firewall
· Deploy Cringe ransomware
Affected Systems
This exploit takes advantage of several vulnerabilities spread across FortiOS versions including;
· 5.4–5.4.6 to 5.4.12
· 5.6–5.6.3 to 5.6.7
· 6.0–6.0.0 to 6.0.4
· 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below
Remediation
Although patches have been available for these versions of the FortiOS before the vulnerability was actively exploited, some IT departments have not applied them. Currently, the best remediation strategy is to ensure that all Fortinet firewalls have all patches installed.
Upon request, the Maryville Cyber Fusion Center can perform a security audit, determining if you are vulnerable to this and suggest or assist with remediation if vulnerabilities exist. Please reach out to cyber@maryville.edu if you have any questions or concerns relating to this vulnerability.
References
Montalbano, E. (2021, April 8). Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware
Attacks. Retrieved April 8, 2021, from https://threatpost.com/hackers-exploit-flaw-cring-ransomware/165300/
Osborne, C. (2021, April 6). FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively
exploited. Retrieved April 8, 2021, from https://www.zdnet.com/article/fbi-cisa-warn-of-active-exploit-of-fortinet-fortios-vulnerabilities/
Seals, T. (2021, April 2). FBI: APTs Actively Exploiting Fortinet VPN Security Holes. Retrieved April
8, 2021, from https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/
