The UK National Cyber Security Centre (NCSC) has issued an alert warning organisations to urgently identify and patch Fortinet VPN devices on their networks.
The NCSC alert warns:
The NCSC is concerned that a significant number of organisations in the UK have not patched the Fortinet VPN vulnerability CVE-2018-13379. This continues to be actively exploited by Advanced Persistent Threat groups (APTs) and cyber criminals.
This follows information in late November 2020 that credentials for 50,000 vulnerable Fortinet VPNs worldwide were stolen and then published in a hacker forum.
As well as stealing and publishing the device credentials, the IP addresses of vulnerable Fortinet devices have been published, including 600 that are within the UK.
The NCSC advises users of Fortinet VPN devices that have not yet been patched to assume that the device and connected networks have been compromised and to instigate security incident management procedures.
The patches to resolve this vulnerability were published by Fortinet back in May 2019.
Security managers can protect their networks from this and similar vulnerabilities by:
- Conducting discovery scans of the network using tools such as Nmap to locate all devices connected to the network and identify any that are not actively patched or managed.
- Developing a patching strategy that covers infrastructure devices (firewalls, VPN gateways, switches) as well as desktop systems and servers, so that all devices are patched regularly.
- Using network segmentation to limit the access granted to VPN clients where possible, so that a compromised VPN device or credential does not give an attacker the whole internal network.
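The first two steps above only work if the discovery scan is reconciled against the patch-management inventory. The following is an added example, not code from the NCSC alert or from this article: it parses the XML that `nmap -oX` writes, lists every host that answers on the ports an SSL VPN portal is typically served on (443 and 10443 are assumed here; check your own configuration), and reports the ones the inventory does not know about. The scan output and the inventory are constructed samples.

```python
"""Reconcile an Nmap discovery scan against a managed-asset inventory.

Added example (not code from the NCSC alert or this article). It parses the
XML produced by, for instance, `nmap -p 443,10443 -oX scan.xml <ranges>` and
reports hosts that answer on the assumed SSL VPN portal ports but are absent
from the patch-management inventory. The port choice, inventory format and
the sample scan output below are all constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's -oX output: three hosts, two of them up.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p 443,10443 -oX - 192.0.2.0/29">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="10443"><state state="open"/><service name="https-alt"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
      <port protocol="tcp" portid="10443"><state state="open"/><service name="https-alt"/></port>
    </ports></host>
  <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed inventory: the assets the patching process already tracks.
MANAGED_INVENTORY = {"192.0.2.10": "fw-edge-01 (tracked, patched)"}

# Assumed ports on which an SSL VPN web portal is commonly exposed.
VPN_PORTS = (443, 10443)


def parse_open_ports(nmap_xml):
    """Return {ipv4: sorted list of open TCP ports} for every host that is up."""
    root = ET.fromstring(nmap_xml)
    results = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port information worth keeping
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if (port.get("protocol") == "tcp" and state is not None
                    and state.get("state") == "open"):
                open_ports.append(int(port.get("portid")))
        results[addr.get("addr")] = sorted(open_ports)
    return results


def find_unmanaged(scan_results, inventory, ports_of_interest=VPN_PORTS):
    """Hosts exposing a port of interest that the inventory does not list.

    These are the devices nobody is patching: the ones the NCSC alert says
    to treat as compromised until proven otherwise.
    """
    unmanaged = {}
    for ip, ports in scan_results.items():
        hits = [p for p in ports if p in ports_of_interest]
        if hits and ip not in inventory:
            unmanaged[ip] = hits
    return unmanaged


if __name__ == "__main__":
    scan = parse_open_ports(SAMPLE_NMAP_XML)
    for ip, ports in find_unmanaged(scan, MANAGED_INVENTORY).items():
        print(f"UNMANAGED {ip}: open {ports} - not in patch inventory, investigate")
```

Run it against a real `-oX` file by replacing `SAMPLE_NMAP_XML` with the file contents; any host it reports should be fed straight into the incident-management process the alert describes rather than simply added to the patch queue, since an unpatched and unmanaged device may already have been exploited.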