23 November 2020

Hacker shares a list of nearly 50,000 vulnerable Fortinet VPN devices


Hacker shares a list of nearly 50,000 vulnerable Fortinet VPN devices

A hacker known online as “pumpedkicks” has posted a list of one-line exploits that could be used to steal VPN credentials from nearly 50,000 Fortinet VPN devices. The list contains 49,577 IPs vulnerable to the Fortinet SSL VPN flaw CVE-2018-13379, according to researchers from Bank Security, who first noticed the leak.

The list of vulnerable targets includes domains belonging to large enterprises, financial institutions, and government organizations from all over the world.

CVE-2018-13379 is a path traversal issue in the FortiOS SSL VPN web portal. It allows a remote attacker to conduct a directory traversal attack and download arbitrary files from the portal, upload malicious files to unpatched systems, and take over Fortinet VPN servers.

According to security researcher Ax Sharma, who examined the exploit shared by “pumpedkicks,” the exploit could allow attackers to read the sslvpn_websession files from Fortinet VPNs and steal login credentials, which could then be used to compromise a network and deploy malware.

Although the flaw was disclosed more than a year ago, many organizations have yet to patch their systems despite multiple warnings from security experts. One of the more recent warnings is a joint alert released by the FBI and CISA last month highlighting attacks on the US state, local, tribal and territorial government networks in which sophisticated hackers are combining VPN and Windows vulnerabilities.
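For defenders reviewing web-portal access logs for traversal attempts of the kind described above, the following is an added detection example (not code from the article or from Fortinet). It parses constructed, placeholder log lines in common log format, percent-decodes each request target (including double encoding) and flags any request containing a `../` sequence, noting separately whether the decoded target references the sslvpn_websession file. The log format, the `/portal/file?name=` endpoint and all addresses are assumptions for illustration and do not reproduce the published exploit string.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not real traffic); endpoints are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Nov/2020:10:01:02 +0000] "GET /remote/login HTTP/1.1" 200 512
203.0.113.9 - - [23/Nov/2020:10:01:07 +0000] "GET /portal/file?name=../../../../sslvpn_websession HTTP/1.1" 200 9831
203.0.113.9 - - [23/Nov/2020:10:01:09 +0000] "GET /portal/file?name=..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 2040
198.51.100.2 - - [23/Nov/2020:10:02:00 +0000] "GET /remote/logincheck HTTP/1.1" 302 0
"""

# Common log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def normalize(target: str) -> str:
    """Percent-decode until stable (defeats double encoding), then lower-case."""
    prev, cur = None, target
    while prev != cur:
        prev, cur = cur, unquote(cur)
    return cur.lower()


def is_traversal(target: str) -> bool:
    """True if the decoded request target contains a parent-directory step."""
    norm = normalize(target)
    return "../" in norm or "..\\" in norm


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per log line that looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "target": m["target"],
            "status": int(m["status"]),           # 200 suggests the read succeeded
            "session_file": "sslvpn_websession" in normalize(m["target"]),
        })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

Any hit with `session_file` set and a 200 status is a reason to assume credential exposure and to force a credential reset after patching, not just to block the source address.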
