Fortigate is a Virtual Private Network (VPN) firewall product developed by Fortinet.
A vulnerability in the Fortigate VPN allows an external attacker to download system files via specially crafted HTTP resource requests without authentication [CVE-2018-13379].
Risk
Attackers are using this vulnerability to gain unauthorized access to corporate VPNs, where they can potentially download files containing passwords and other sensitive information from the VPN server.
An estimated 30,000 hosts worldwide are at risk.
Remediation
Third Party Risk Management
Surface your third-party exposure by searching for “CVE-2018-13379” in Vulnerability Detection, or refer to the Confirmed Vulnerabilities in the last 7 days panel in your Portfolio Dashboard.
Security Performance Management
Review your potential exposure by searching for “CVE-2018-13379” in your Patching Cadence findings.