
The FBI and CISA Issue Joint Security Advisory on Fortinet FortiGate Vulnerabilities


Advisory Summary

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint cybersecurity advisory warning that threat actors are actively exploiting a set of known Fortinet FortiGate firewall vulnerabilities. These vulnerabilities allow an attacker to steal VPN user credentials and gain initial access to the protected network environment, which positions them to conduct further attacks.

Two of the three vulnerabilities in the advisory have been public since 2019, and the third since 2020. That the alert is being issued now, in 2021, makes it clear that many firewalls in the wild have still not been updated and remain vulnerable.

Vulnerabilities

Vulnerability 1

CVE: CVE-2018-13379

CVSS Score: 9.8/10 – Critical

Fortinet PSIRT: FG-IR-18-384

VPLS Summary: An attacker can steal SSL VPN user credentials on FortiGates with SSL VPN enabled, allowing them to gain access to the protected network environment.

Vulnerability 2

CVE: CVE-2019-5591

CVSS Score: 7.5/10 – High

Fortinet PSIRT: FG-IR-19-037

VPLS Summary: An attacker with local network access can perform a MITM attack to intercept FortiGate LDAP connections and obtain sensitive user authentication information.

Vulnerability 3

CVE: CVE-2020-12812

CVSS Score: 9.8/10 – Critical

Fortinet PSIRT: FG-IR-19-283

VPLS Summary: An attacker can bypass 2FA requirements for VPN users by adjusting the case used when entering the username.
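
A detection check for Vulnerability 3, added here as an example and not taken from the advisory or from VPLS tooling: it flags successful VPN logins whose username matches a 2FA-enrolled account only when case is ignored. The log lines, the field names (`user`, `action`, `srcip`) and the enrolled-user list are constructed for illustration.

```python
import re

# Constructed sample: usernames enrolled for 2FA, spelled exactly as configured.
TWO_FACTOR_USERS = {"jsmith", "ALee", "svc-backup"}

# Constructed key=value log lines; the field names are assumptions, not a vendor schema.
SAMPLE_LOG = """\
date=2021-04-05 time=09:12:01 action="tunnel-up" user="jsmith" srcip=198.51.100.7
date=2021-04-05 time=09:14:37 action="tunnel-up" user="JSmith" srcip=203.0.113.20
date=2021-04-05 time=09:15:02 action="ssl-login-fail" user="JSMITH" srcip=203.0.113.20
date=2021-04-05 time=09:20:44 action="tunnel-up" user="alee" srcip=203.0.113.21
date=2021-04-05 time=09:31:10 action="tunnel-up" user="contractor1" srcip=192.0.2.15
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict (quoted or bare values)."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def find_case_variant_logins(log_text, enrolled, success_actions=("tunnel-up",)):
    """Return successful logins whose username equals an enrolled 2FA account
    only when case is ignored, i.e. the spelling differs from the configured one."""
    spellings = {}
    for name in enrolled:
        # Keep every configured spelling per case-folded name, in case two
        # accounts legitimately differ only by case.
        spellings.setdefault(name.casefold(), set()).add(name)

    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        user = event.get("user")
        if not user or event.get("action") not in success_actions:
            continue  # skip failures and lines without a username
        configured = spellings.get(user.casefold())
        if configured and user not in configured:
            findings.append({
                "seen": user,
                "configured": sorted(configured),
                "srcip": event.get("srcip"),
                "time": f'{event.get("date")} {event.get("time")}',
            })
    return findings


if __name__ == "__main__":
    for hit in find_case_variant_logins(SAMPLE_LOG, TWO_FACTOR_USERS):
        print(hit)
```

A hit is a lead for review: check whether that session actually completed the second factor.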

VPLS's Recommendation

Each of these three vulnerabilities has its own conditions that must be met for your FortiGate to be vulnerable, as well as specific mitigation instructions, which are described in detail in the provided Fortinet PSIRT links. To summarize: for Vulnerability 1, the mitigation step is as simple as upgrading the firmware version. Vulnerabilities 2 and 3, however, require specific configuration changes to mitigate.

Please reach out to us if you would like more information on this advisory. We are happy to provide a free consultation to evaluate if any of the three vulnerabilities apply to your environment and discuss with you what mitigation steps are required.


The Importance of Managed SIEM Security in School Districts


When it comes to cyber-security, K-12 school districts have more to lose now than before. In addition to new threats and breaches, cyber-security gaps can also prevent schools from achieving and maintaining unique K-12 requirements, such as FERPA and CIP, which can lead to numerous funding and liability issues in the long run. Educational institutions are especially susceptible to a multitude of cyberattacks. Along with unexpected breaches, overlooked access points in data systems can give cybercriminals an entry point to obtain classified and valuable data.


While onsite Security Analysts can help monitor your school premises, many signs or evidence of cybercrimes remain buried within your extensive data logs, where they can go unnoticed for long periods of time. Inevitably, some attacks will also go undetected due to human oversight. This is why having VPLS Managed Security Information and Event Management (SIEM) services in your school environment is crucial to help prevent this form of serious data and revenue loss.

Having Managed SIEM Services by VPLS at your district helps Security Analysts identify any potential attack that may cause immediate damage, calling for a quicker response to take preventative action. Our Managed SIEM services record all security-related activities, such as malware-related activity patterns, as well as other suspicious activities, like multiple login attempts, and will alert analysts with a detailed report on the incident, ensuring the right people are aware of what is going on. VPLS Managed SIEM services can also help your K-12 environment be FERPA, CIP, and PCI compliant by backing your school with proper legal and operational specifications. VPLS Managed SIEM Services protect and strengthen any vulnerabilities you have within your data system. Experts at VPLS accomplish this through continuous vulnerability monitoring and regular network vulnerability testing.

Why choose VPLS as your Managed SIEM Service provider?

VPLS is an AlienVault Gold Managed Service Provider and deploys AlienVault Unified Security Management (USM) to protect thousands of endpoints. Our team of experts is highly skilled and experienced in IT solutions across the board to ensure only the most reliable and professional assistance for your environment. Learn more about how schools can benefit from cyber security.

To learn more about our Managed Security Information Event Management, contact VPLS today!
