According to both agencies, APT nation-state actors are actively exploiting known security vulnerabilities in Fortinet FortiOS, affecting the company’s SSL VPN products.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory to warn organizations and users about how hackers are exploiting critical vulnerabilities in the Fortinet FortiOS VPN.
The attackers aim to establish a beachhead from which to breach the security of medium to large-sized businesses in the future.
According to the alert issued on Friday, advanced persistent threat (APT) nation-state actors exploit known vulnerabilities in the FortiOS cybersecurity OS and target Fortinet’s SSL VPN products. However, the agencies didn’t share further details about the APT.
The FBI and the Cybersecurity and Infrastructure Security Agency warn that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products.
FortiOS SSL VPNs are used in border firewalls. These are responsible for cordoning off sensitive internal networks from other public Internet connections.
How Does Exploitation Work?
The FBI and CISA reported that APT threat actors scan devices on ports 4443, 8443, and 10443 to find unpatched Fortinet security implementations. Particularly of interest are the vulnerabilities classified as CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812.
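The scanning pattern described above can be hunted for in perimeter logs. The following is an added example, not taken from the advisory or from Fortinet: it flags any source address that probes more than one of the three ports named by the FBI and CISA. The key=value log format, the sample lines, and the function name `find_scanners` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the FBI/CISA advisory says are scanned for Fortinet SSL VPN devices.
WATCHED_PORTS = {4443, 8443, 10443}

# Assumed, constructed log format (key=value pairs); not FortiOS's own format.
LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")

# Constructed sample data using documentation-only address ranges.
SAMPLE_LOG = """\
2021-04-02T10:00:01Z src=198.51.100.7 dst=203.0.113.10 dport=4443 action=deny
2021-04-02T10:00:02Z src=198.51.100.7 dst=203.0.113.10 dport=8443 action=deny
2021-04-02T10:00:03Z src=198.51.100.7 dst=203.0.113.10 dport=10443 action=accept
2021-04-02T10:00:04Z src=198.51.100.7 dst=203.0.113.11 dport=10443 action=deny
2021-04-02T10:05:10Z src=192.0.2.44 dst=203.0.113.10 dport=8443 action=accept
2021-04-02T10:06:00Z src=198.51.100.23 dst=203.0.113.10 dport=443 action=accept
garbled line without the expected fields
"""


def find_scanners(lines, min_ports=2):
    """Return sources that touched at least `min_ports` distinct watched ports.

    A single hit on one port may be a legitimate VPN user; sweeping several of
    the advisory's ports from one address is the pattern worth reviewing.
    """
    hits = defaultdict(lambda: {"ports": set(), "targets": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        port = int(m["dport"])
        if port in WATCHED_PORTS:
            hits[m["src"]]["ports"].add(port)
            hits[m["src"]]["targets"].add(m["dst"])
    return {
        src: {"ports": sorted(h["ports"]), "targets": sorted(h["targets"])}
        for src, h in hits.items()
        if len(h["ports"]) >= min_ports
    }


if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src} probed ports {info['ports']} on {info['targets']}")
```

Sources flagged this way are candidates for review against the device's patch status for the CVEs listed above, not proof of compromise.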