Fortigate VPN [CVE-2018-13379] – Bitsight Knowledge Base

Publication Date – October 15, 2019

Fortigate is a Virtual Private Network (VPN) firewall product developed by Fortinet.

There’s vulnerability with the Fortigate VPN, that allows an external attacker to download system files via specially crafted HTTP resource requests without authentication [CVE-2018-13379].

Risk

Attackers are using this vulnerability to gain unauthorized access into corporate VPNs, where they can potentially download files containing passwords and other sensitive information from the VPN server.

There’s an estimated 30,000 hosts worldwide that are at risk.

Remediation

Third Party Risk Management

Surface your third party exposure by searching for “CVE-2018-13379” in the Vulnerability Detection or refer to the Confirmed Vulnerabilities in the last 7 days panel in your Portfolio Dashboard.

Security Performance Management

Review your potential exposure by searching for “CVE-2018-13379” in your Patching Cadence findings.

References

The National Security Agency (NSA) - October 7, 2019
ZDNET, “Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs” - August 25, 2019

Articles in this section

Risk

Remediation

Third Party Risk Management

Security Performance Management

References

Related articles