On April 2, 2021, the FBI and the Cybersecurity & Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory warning that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities. The threat actors may use these vulnerabilities to gain access to client environments.
The agencies say that CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 are being exploited. Each of these vulnerabilities is known and patches have been issued, but unless the patches are applied, Fortinet FortiOS builds remain open to compromise.
“The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” the agencies say. “APT actors may use other CVEs or common exploitation techniques—such as spear phishing—to gain access to critical infrastructure networks to pre-position for follow-on attacks.”
Logically has initiated a high-priority response to identify customers at risk and to mitigate the vulnerabilities. That process includes reporting all customers using Fortigate devices and identifying those requiring firmware upgrades to mitigate the threat posed by the vulnerabilities.
Please contact us if you’d like us to review your current defense and visibility tools to ensure you’re not negatively impacted by this latest threat. For more information on how we can help improve your security posture, speak to an expert today.