Threat Watch

Joint Alert by CISA and FBI Warns of Active Exploitation Against FortiOS Devices

In a joint alert issued on April 2nd, the FBI and CISA warned that threat actors are actively scanning for Fortinet devices running vulnerable versions of FortiOS. FortiOS, in the past, has seen three (CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591) significant vulnerabilities and all are being exploited currently. While it is currently not known who is performing the active scans, it is well known that APT groups have opportunistically taken advantage of these kinds of vulnerabilities to gain a foothold in many environments. Fortinet is strongly recommending that if clients are still using out-of-date devices, that they patch immediately.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

With the history the three vulnerabilities have had in the past, patching vulnerable devices is urgent, especially as active exploitation is ongoing. Ensuring that logs are being shipped from FortiOS devices and actively monitored can help mitigate the risk. Fortinet has also provided guidance on how to patch or mitigate some of these vulnerabilities in the blog and knowledgebase article linked below.

References:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD49410
https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2018-13379
https://www.zdnet.com/article/fbi-cisa-warn-of-active-exploit-of-fortinet-fortios-vulnerabilities/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support