What is CVE-2018-13379?
CVE-2018-13379 is a path traversal vulnerability in the web portal of Fortinet's FortiOS SSL VPN. By exploiting it, unauthenticated attackers can download FortiOS system files from the server, using trial and error to locate and reach sensitive files on the target. The business impact could be immense, since the vulnerability allows threat actors to cause severe system downtime and significant financial losses.
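One way a defender could hunt for this kind of request in web access logs, as an added example that is not part of the original article: it percent-decodes each request URI repeatedly, then flags traversal segments and references to the sslvpn_websession file named in the BleepingComputer tweet quoted on this page. The Common Log Format, the /portal paths, the function names and the sample lines are all constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: access logs in Common Log Format; adapt LOG_RE to your appliance or proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)
# ".." used as a whole path segment, after /, \ or a parameter's "=".
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=])\.\.(?:[/\\]|$)')
# File named in the tweet quoted on this page.
SENSITIVE_NAMES = ("sslvpn_websession",)

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded '../' both surface."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def classify(line):
    """Return a finding dict for a suspicious request line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = fully_decode(m["uri"])
    reasons = []
    if TRAVERSAL_RE.search(uri):
        reasons.append("traversal")
    if any(name in uri.lower() for name in SENSITIVE_NAMES):
        reasons.append("session-file")
    if not reasons:
        return None
    # A 200 on a traversal request suggests the file was actually served.
    severity = "high" if m["status"] == "200" and "traversal" in reasons else "medium"
    return {"ip": m["ip"], "uri": uri, "reasons": reasons, "severity": severity}

# Constructed sample lines (documentation IP ranges, hypothetical /portal paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2020:10:00:01 +0000] "GET /portal/login HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Nov/2020:10:00:05 +0000] "GET /portal/res?file=../../../data/sslvpn_websession HTTP/1.1" 200 812',
    '203.0.113.9 - - [25/Nov/2020:10:00:09 +0000] "GET /portal/res?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    '192.0.2.44 - - [25/Nov/2020:10:00:12 +0000] "GET /static/app..min.js HTTP/1.1" 200 900',
]

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]
```

Any source IP with a "high" finding is a reason to treat the credentials of sessions active at that time as exposed and rotate them, in addition to applying the patch.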
Why is CVE-2018-13379 trending?
Recently, a hacker exploited CVE-2018-13379 to leak the credentials of almost 50,000 vulnerable Fortinet VPNs. A hacker had previously posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from various devices. The list included IPs belonging to high street banks, telecoms, and government organizations worldwide.
Twitter reacts to CVE-2018-13379
#1 Bleeping Computer
Last week a list containing one-line exploits for 49,577 Fortinet VPN devices was posted to a hacker forum. These exploits are for the CVE-2018-13379 vulnerability and can be used to steal credentials from the device's sslvpn_websession file. https://t.co/LNTTWVj2Om
— BleepingComputer (@BleepinComputer) November 25, 2020
#2 Bank Security
The Threat Actor "pumpedkicks" shared a list of 49,577 IPs vulnerable to Fortinet SSL VPN CVE-2018-13379.
The Actor also claims to have the clear text credentials associated with these IPs. pic.twitter.com/usIyKi3Tl0
— Bank Security (@Bank_Security) November 19, 2020
— HackRead.com (@HackRead) November 25, 2020
CVE-2018-13379 references from KNOW
- Total references: 389
- Last 60 days: 114
- Previous 7 days: 46
CVE-2018-13379 context from KNOW
- CVSS 3.0 score: 9.8
- Related campaign: Fox Kitten
- Corresponding threat actor: APT29 The Dukes
- Intrusion method: Path traversal
- Patch: https://fortiguard.com/advisory/FG-IR-18-384
Securing CVE-2018-13379 with Threat and Attack Surface Intelligence
KNOW is our threat intel and news-aggregator platform that gives you the latest context on the hottest news in the global threat landscape.
Your SecOps and IT Ops teams are continually observing your network 24/7, yet adversaries like FIN11 always manage to get through. To be fair, it’s not really their fault, because current risk models cause them to chase false positives instead of tracking business-critical threats.
- Your organization’s attack surface is growing faster than your SecOps team and budget.
- Threat actors can see exposed assets that lie outside your security’s purview.
- There is a severe lack of talent, and the skills gap is getting wider than ever before.
- Attacks are more frequent and it only takes one to inflict severe, irreversible damage on your organization and business reputation.
Resolution intelligence is a powerful combination of machine and human intel that helps your SecOps to:
- Find hidden risks in your brand.
- Prioritize business-critical alerts.
- Stay informed about the most trending threats.
- Reduce alert fatigue by a considerable amount.
Do you want to know how we do all this? Well, first, you should subscribe to KNOW. Don’t worry. It’s completely free.
Next, you should know more about what resolution intel brings to the table.