The FBI and CISA Issue Joint Security Advisory on Fortinet FortiGate Vulnerabilities
The Federal Bureau of Investigation (FBI) and the Cybersecurity Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory to warn the public that threat actors are actively exploiting a suite of known Fortinet FortiGate firewall vulnerabilities. These vulnerabilities allow an attacker to steal VPN user credentials and gain initial access to the protected network environment, which positions them to be able to conduct further attacks.
Although two of the three vulnerabilities mentioned in the advisory have been known to the public since 2019, with the third being made public in 2020, it is clear by the issuing of this alert now in 2021 that there are still many firewalls in the wild that have not been updated and are still vulnerable.
These three vulnerabilities each have their own conditions required for your FortiGate to be vulnerable, as well as specific mitigation instructions, which are described in detail in the provided Fortinet PSIRT links. To summarize, for Vulnerability 1, the mitigation step is as simple as upgrading the firmware version. Vulnerability 2 and 3, however, require specific configuration changes to mitigate.
Please reach out to us if you would like more information on this advisory. We are happy to provide a free consultation to evaluate if any of the three vulnerabilities apply to your environment and discuss with you what mitigation steps are required.
Read More from this Author