Fortinet says hackers exploited critical vulnerability to infect VPN customers

It appears that a critical vulnerability in Fortinet’s virtual private network (VPN) service was recently exploited by hackers, allowing them to gain access to customers’ systems.

This security flaw, which was uncovered by cybersecurity firm Check Point, can allow malicious actors to execute arbitrary code on Fortinet devices, giving the attackers a dangerous and effective backdoor. The flaw, however, has been identified and patched to prevent further unauthorised access.

The breached software in question is FortiOS, a security suite designed specifically to protect enterprise networks from cyberattacks. This product was not the only one compromised, as other software, including the IPsec VPN client, FortiClient, was also breached. In all instances, this critical vulnerability allowed potential attackers to gain a very powerful position on the victim’s networks.

Check Point researchers have stated that the attackers likely used a combination of fortios_config_backdoor, CVE-2018-13379, and network impersonation to facilitate the breaches. With fortios_config_backdoor, malicious actors are able to access the root account in FortiOS and potentially execute “any command on the machine”. In addition, the CVE-2018-13379 vulnerability could also allow attackers to bypass authentication and log in to any Fortinet system.

Fortinet has since released a patch to address this critical vulnerability. However, a number of customers have already been affected by this attack. The company has encouraged its customers to update their software as soon as possible in order to mitigate the potential risks posed by the breach.

This incident marks a major security breach for Fortinet, as the software is widely used by government organisations, educational institutions, and businesses across the globe. It goes to show just how vulnerable many companies are to cyberattacks and just how quickly such a breach can occur.

It is imperative that organisations take all necessary steps to protect themselves from malicious actors. This means regularly patching systems to ensure that there are no security flaws that can be exploited, as well as implementing strong passwords, two-factor authentication, and other security protocols to help stop intruders from gaining access to their networks.

Having the right cybersecurity solutions – including best-in-class network security, threat prevention, and cloud security postures – is also essential. A multi-layered defense, paired with the right education and awareness training, is key to protecting organisations’ networks and data.
