FBI & CISA Issue Joint Advisory to Warn of Active Exploits on Fortinet FortiOS - Secon Cyber

Loading

Tuesday 6 April 2021

The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.

What's affected:

Fortinet FortiOS

What you need to know:

The Federal Bureau of Investigation (FBI) and Cyber & Infrastructure Security Agency (CISA) have released a joint advisory to warn Fortinet FortiOS administrators on Advanced Persistent Threats (APT) actively scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, as well as device enumerations for CVE-2020-12813 and CVE-2019-5591 to gain access.

Actions to be taken:

Administrators are urged to patch the said vulnerabilities if they have not been patched yet.

Sources:

https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios

Further reading:

https://threatpost.com/fbi-apts-actively-exploiting-fortinet-vpn-security-holes/165213/

Phone: +44(0)203 657 0707

Email: [email protected]

We protect. You Achieve.

Secon Cyber is a leading cyber security company that provides a wide range of cyber security services and technologies to a substantial and diversified client base that includes corporations, financial institutions and governments. Founded in 1999, the firm is headquartered in the UK.

Get in Touch

Phone: +44(0)203 657 0707

Email: [email protected]

Subscribe for our updates