Security Alert: Multiple Fortinet Operating System Vulnerabilities

April 06, 2021 | Posted in: Security Bulletins & Alerts

Systems Engineering is aware of the FBI and CISA joint security advisory indicating that threat actors are potentially exploiting multiple Common Vulnerabilities and Exposures (CVEs) in the Fortinet operating system, known as FortiOS. The advisory calls out three vulnerabilities that may be used to gain access to business networks to begin data exfiltration or data encryption attacks. The vulnerabilities are:

HIGH CVE-2018-13379: FortiOS SSL VPN's web portal
May allow an unauthorized attacker to download FortiOS system files.
(Review 09.04.19 Security Alert)

MEDIUM CVE-2020-12812: FortiOS SSL VPN FortiToken
May allow authentication bypass of two-factor authentication when changing the case of the username. An attacker would need user credentials (username & password) to access the SSL VPN.

MEDIUM CVE-2019-5591: FortiOS LDAP Server
May allow an unauthorized attacker on the same IP subnet to intercept sensitive information by impersonating the LDAP server.

Course of Action

We recommend that all Systems Engineering clients patch their FortiOS for these vulnerabilities. SE EventWatch® and SE Essentials managed services clients had the high-risk vulnerability (CVE-2018-13379) patched when the security update became available. Currently, we are proactively working with these managed services clients to address the two medium-risk vulnerabilities (CVE-2020-12812 and CVE-2019-5591).

If you are a client not covered under one of the previously mentioned services and would like assistance with patching your FortiOS, please reach out to our Customer Service team at 207.772.4199 to schedule a FortiOS security patch ticket.

For all clients, please contact your Account Manager with any questions regarding these FortiOS vulnerabilities.