- September 21, 2021: Visibility into port 10433 is now available.
- September 20, 2021: Published.
FortiGate VPN by Fortinet has a directory traversal vulnerability (CVE-2018-13379). If you use it, you may be at risk of ransomware and/or a data leak. This vulnerability is detected through ports 443 and 10443.
What You Can Do
Refer to the Fortinet blog for guidance and remediation instructions.
Determine the Level of Exposure in Your Portfolio
Use the Latest News card in your Portfolio Dashboard to search for companies in your portfolio that are potentially affected by this vulnerability.
Determine Your Organization’s Level of Exposure
To search for companies in your organization that may be affected by this vulnerability:
- Use the Vulnerability Catalog report to search for CVE-2018-13379.
Resources
- Fortinet Blog, “Malicious Actor Discloses FortiGate SSL-VPN Credentials”
- Bitsight Academy, “Fortinet VPN Credentials Leak”
- Bitsight Blog, “Fortinet Leak Demonstrates Need For Remote Access System Patching”
Frequently Asked Questions
What does Bitsight see?
We have been collecting telemetry on devices vulnerable to CVE-2018-13379 across the entire Internet since September 2019, shortly after details about this vulnerability became public. We have historical data on vulnerable devices since that time, which may help track who may have been impacted by this latest data leak.