23 November 2020

Hacker shares a list of nearly 50,000 vulnerable Fortinet VPN devices



A hacker known online as “pumpedkicks” has posted a list of one-line exploits that could be used to steal VPN credentials from nearly 50,000 Fortinet VPN devices. The list contains 49,577 IPs vulnerable to Fortinet SSL VPN CVE-2018-13379, according to researchers from Bank Security, who first noticed the leak.

The list of vulnerable targets includes domains belonging to large enterprises, financial institutions, and government organizations from all over the world.

CVE-2018-13379 is a path traversal issue in the FortiOS SSL VPN web portal, which allows a remote attacker to conduct a directory traversal attack and download arbitrary files from the FortiOS SSL VPN web portal, upload malicious files on unpatched systems, and take over Fortinet VPN servers.

According to security researcher Ax Sharma, who examined the exploit shared by “pumpedkicks,” the exploit could allow attackers to access the sslvpn_websession files from Fortinet VPNs to steal login credentials, which could then be used to compromise a network and deploy malware.

Although the flaw was disclosed more than a year ago, many organizations have yet to patch their systems despite multiple warnings from security experts. One of the more recent warnings is a joint alert released by the FBI and CISA last month highlighting attacks on US state, local, tribal and territorial government networks in which sophisticated hackers are combining VPN and Windows vulnerabilities.
