Home Just In FBI Issues Second Alert on Attackers Leveraging Three Legacy Fortinet Vulnerabilities

FBI Issues Second Alert on Attackers Leveraging Three Legacy Fortinet Vulnerabilities

by CIO AXIS

The FBI has issued a second alert after threat actors leveraged multiple vulnerabilities in Fortinet’s FortiGate SSL VPN against a municipal government. Please find below a comment from Satnam Narang, Staff Research Engineer, Tenable.

“The Federal Bureau of Investigation (FBI) issued their second alert regarding multiple flaws in Fortinet’s FortiGate SSL VPN being exploited in the wild, the first was published over a month ago. However, multiple U.S. Government agencies, including the FBI, NSA and CISA have published several alerts over the last few years highlighting the use of CVE-2018-13379, a critical flaw in the SSL VPN, by advanced persistent threat (APT) groups that was patched two years ago.

“The fact that we continue to see these legacy vulnerabilities being exploited in spite of these alerts is a cautionary tale that unpatched flaws remain a valuable tool for APT groups and cybercriminals in general. The risk is further heightened by the broad shift of the workforce over the past year. Unpatched vulnerabilities, not zero-days, are the biggest threat to most organizations today because it gets attackers to their end goal in the fastest and cheapest way. It is imperative that both public sector and private organizations that use the FortiGate SSL VPN apply these patches immediately to prevent future compromise.” — Satnam Narang, Staff Research Engineer, Tenable.

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads