Fortinet FortiOS Unlocked

Levan Rolle
Maryville University Cyber Fusion Center
2 min read · Apr 9, 2021

Vulnerability Details


Vulnerabilities in FortiOS, the firewall operating system from next-generation firewall producer Fortinet, are being actively exploited. APTs have been found scanning the internet for FortiOS firewalls that do not have the latest patches applied. Without these patches, the vulnerabilities allow attackers to:

· Download system files through malicious HTTP requests

· Log in without being prompted for second-factor authentication

· Intercept sensitive data if on the same subnet as the firewall

· Deploy Cring ransomware

Affected Systems

This activity takes advantage of several vulnerabilities spread across FortiOS versions, including:

· 5.4: 5.4.6 to 5.4.12

· 5.6: 5.6.3 to 5.6.7

· 6.0: 6.0.0 to 6.0.4

· 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below

Remediation

Although patches were available for these versions of FortiOS before the vulnerabilities were actively exploited, some IT departments have not applied them. Currently, the best remediation strategy is to ensure that all Fortinet firewalls have all patches installed.
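One way to check a firewall inventory against the version ranges listed above. This is an added example, not code from Fortinet or the Cyber Fusion Center. The hostnames, version strings and the `audit` helper are constructed for illustration, and "6.0.9 and below" is assumed to mean every release up to and including 6.0.9.

```python
import re

# Affected ranges exactly as listed in this advisory: (label, low, high), inclusive.
# Assumption: "6.0.9 and below" covers every release up to and including 6.0.9.
AFFECTED = [
    ("5.4.6 to 5.4.12", (5, 4, 6), (5, 4, 12)),
    ("5.6.3 to 5.6.7", (5, 6, 3), (5, 6, 7)),
    ("6.0.0 to 6.0.4", (6, 0, 0), (6, 0, 4)),
    ("6.4.0", (6, 4, 0), (6, 4, 0)),
    ("6.2.0 to 6.2.3", (6, 2, 0), (6, 2, 3)),
    ("6.0.9 and below", (0, 0, 0), (6, 0, 9)),
]
# Exactly three dotted numbers, so a four-part IP address is not mistaken for a version.
VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Extract (major, minor, patch) from free-form inventory text, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def affected_ranges(version):
    """Return the label of every advisory range that contains `version`."""
    return [label for label, lo, hi in AFFECTED if lo <= version <= hi]

def audit(inventory_lines):
    """Map hostname -> (status, detail); unparseable versions go to manual review."""
    report = {}
    for line in inventory_lines:
        host, _, rest = line.strip().partition(" ")
        version = parse_version(rest)
        if version is None:
            report[host] = ("REVIEW", "no FortiOS version found")
        elif (hits := affected_ranges(version)):
            report[host] = ("AFFECTED", "; ".join(hits))
        else:
            report[host] = ("NOT LISTED", ".".join(map(str, version)))
    return report

# Constructed sample inventory: hostnames, models and build strings are made up.
SAMPLE = [
    "fw-edge-01 FortiGate-60E v6.0.4,build0231,190227 (GA)",
    "fw-lab-02 FortiGate-100F v6.2.3,build1066,191218 (GA)",
    "fw-dc-03 FortiGate-200E v6.4.5,build1828,210217 (GA)",
    "fw-old-04 firmware unknown",
]

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE).items():
        print(f"{host:12} {status:11} {detail}")
```

A "NOT LISTED" result only means the version is outside the ranges named in this post; it does not confirm that every patch is installed.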

Upon request, the Maryville Cyber Fusion Center can perform a security audit to determine whether you are vulnerable to this and suggest or assist with remediation if vulnerabilities exist. Please reach out to cyber@maryville.edu if you have any questions or concerns relating to this vulnerability.
