Experts warn of attacks exploiting Fortinet FortiOS VPN vulnerabilities
Experts have reported that experienced hackers can exploit vulnerabilities in the Fortinet FortiOS VPN in attempts to attack companies.
Fortinet FortiOS SSL VPN is used primarily in firewalls that protect sensitive internal networks from the public Internet. According to experts, attackers are enumerating servers unpatched against CVE-2020-12812 and CVE-2019-5591, and scanning for devices vulnerable to CVE-2018-13379. Two of the three patched vulnerabilities (CVE-2018-13379 and CVE-2020-12812) are particularly dangerous because they allow an unauthorized attacker to steal credentials and connect to vulnerable VPN installations.
If the VPN credentials are also used by other internal services (e.g. Active Directory, LDAP), the attacker immediately gains access to those services with the privileges of the user whose credentials were stolen. The attacker can then explore the network, looking for vulnerabilities in various internal services.
Fortinet also stated on its page: "CVE-2018-13379 is an old vulnerability that has been fixed. Fortinet issued a security advisory for this vulnerability – FG-IR-18-384 in May 2019. CVE-2019-5591 was resolved in July 2019 (security advisory - FG-IR-19-037) and CVE-2020-12812 was resolved in July 2020 (security advisory - FG-IR-19-283). We strongly recommend that users immediately apply updates and mitigations."
05 April 2021