Subscribe To Our Newsletter!

Stay up to date on the top trending threats as well as the top stories in Security, Networks, Cloud, IT Ops & AIOps.

CVE-2018-13379 – Do You KNOW This Vulnerability?

Recently, a hacker exploited this vulnerability to leak the credentials of almost 50,000 vulnerable Fortinet VPNs.

Post by Rajarshi Mitra Nov 27, 2020

As per KNOW’s threat intel dashboard, CVE-2018-13379 is the third most trending vulnerability over the last 7 days.

CVE-2018-1337 trending vulnerabilities

What is CVE-2018-13379?

CVE-2018-13379 is a path traversal vulnerability in FortinetOS SSL VPN web portal. By exploiting this vulnerability, unauthenticated attackers can download FortiOS system files from the server. Attackers can perform trial and error to search and reach sensitive files on the target server. This vulnerability’s business impact could be immense since it allows threat actors to cause severe system downtime and significant financial losses.

Why is CVE-2018-13379 trending?

Recently, a hacker exploited CVE-2018-13379 to leak the credentials of almost 50,000 vulnerable Fortinet VPNs. A hacker had previously posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from various devices. The list included IPs belonging to high street banks, telecoms, and government organizations worldwide.

Twitter reacts to CVE-2018-13379

#1 Bleeping Computer

#2 Bank Security

#3 HackRead

 

CVE-2018-13379 references from KNOW

CVE-2018-13379 references from social media

  • Total references: 389
  • Last 60 days: 114
  • Previous 7 days: 46

CVE-2018-13379 context from KNOW

CVE-2018-13379 context from KNOW

 

Securing CVE-2018-13379 with Threat and Attack Surface Intelligence

KnowledgeNOW from Netenrich is a first-of-its-kind FREE global threat intelligence platform.

KNOW is our threat intel and news-aggregator platform that allows you to gain the latest context of the hottest news in the global threatlandscape.

Your SecOps and IT Ops teams are continually observing your network 24*7, yet adversaries like FIN11 always manage to go through. To be fair, it’s not really their fault because current risk models cause them to chase false positives instead of tracking business-critical threats.

Netenrich’s resolution intelligence uses a combination of threat and attack surface intelligence that effectively addresses the following pain points:

  • Your organization’s attack surface is growing faster than your SecOps team and budget.
  • Threat actors can see exposed assets that lie outside your security’s purview.
  • There is a severe lack of talent and skill gaps is getting wider than ever before.
  • Attacks are more frequent and it only takes one to inflict severe, irreversible damage on your organization and business reputation.

Resolution intelligence is a powerful combination of machine and human intel that helps your SecOps to:

  • Find hidden risks in your brand.
  • Prioritize business-critical alerts.
  • Stay informed about the most trending threats.
  • Reduce alert fatigue by a considerable amount.

Do you want to know how we do all this? Well, first, you should subscribe to KNOW. Don’t worry. It’s completely free.

Alright, I will subscribe.

Next, you should know more about what resolution intel brings to the table. So, click on the button below to read up on it.

Awesome, let's do it

About the Author

Rajarshi Mitra

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat.

Subscribe To Our Newsletter!

The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.

Thank you for subscribing!

Related Post

Jan 13 2021

Turla Group: Do You KNOW This Threat Actor?

New evidence links the infamous SolarWinds hack to this threat actor.

Read More
Jan 12 2021

Rokrat – Do You KNOW This Malware

North Korean threat actors have been using this malware to target victims in South Korea.

Read More