An attacker has posted a list of one-line exploits that can be used to steal credentials from nearly 50,000 unpatched Fortinet VPN devices accessible from the Internet. The list includes vulnerable devices on domains that belong to high street banks and government agencies from around the world.

The vulnerability, tracked as CVE-2018-13379, is a path traversal flaw that affects a large number of unpatched Fortinet FortiOS SSL VPN devices. By exploiting this flaw, unauthenticated remote attackers can access system files through specially crafted HTTP requests. The posted exploits give attackers access to the sslvpn_websession files on Fortinet VPNs, from which login credentials can be stolen.

Although the flaw was disclosed over a year ago, researchers have spotted around 50,000 targets that have not been patched and are still vulnerable. Researchers from BleepingComputer have found over four dozen domains in the list that belong to reputable banking, finance, and governmental institutions.
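For defenders checking whether a device was hit, the following added example (not from the article or from Fortinet) scans web access logs for requests that combine a traversal sequence with the `sslvpn_websession` filename named above. It assumes a combined-format access log is available, for instance from a reverse proxy in front of the VPN portal; the log lines, IP addresses and `/EXAMPLE-ENDPOINT` path are constructed placeholders.

```python
import re
from urllib.parse import unquote

TARGET = "sslvpn_websession"            # filename named in the article
TRAVERSAL = re.compile(r"\.\.[/\\]")    # generic "../" or "..\" marker
# Assumption: combined access log format (ip - - [ts] "METHOD uri proto" status size)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded traversal (%252e%252e) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(line):
    """Return a finding dict for a suspicious request, or None for a benign/unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = fully_decode(m["uri"]).lower()
    # Require both signals: the filename alone also appears in harmless URLs.
    if TARGET not in uri or not TRAVERSAL.search(uri):
        return None
    # Heuristic: a 200 with a non-empty body suggests file contents were returned.
    served = m["status"] == "200" and m["size"] not in ("-", "0")
    return {"ip": m["ip"], "ts": m["ts"],
            "severity": "credentials-exposed" if served else "probe"}

def scan(text):
    return [hit for hit in map(classify, text.splitlines()) if hit]

# Constructed sample log; addresses are documentation ranges, paths are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Nov/2020:10:01:02 +0000] "GET /EXAMPLE-ENDPOINT?f=../../../EXAMPLE/sslvpn_websession HTTP/1.1" 200 1843
198.51.100.23 - - [22/Nov/2020:10:04:40 +0000] "GET /EXAMPLE-ENDPOINT?f=%252e%252e%252f%252e%252e%252fEXAMPLE%252fsslvpn_websession HTTP/1.1" 403 0
192.0.2.10 - - [22/Nov/2020:10:05:11 +0000] "GET /login HTTP/1.1" 200 5120
192.0.2.44 - - [22/Nov/2020:10:06:30 +0000] "GET /docs/sslvpn_websession-faq.html HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A `credentials-exposed` finding means any session credentials on that device at the time should be treated as compromised and rotated after patching.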