Immediate action required: Malicious Actor Disclosure of FortiOS

Immediate action required. Fortinet have evidence credentials for your SSL-VPN have been leaked by a malicious third party.

Fortinet is aware that a malicious actor has disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices. These credentials were obtained from systems which were unpatched against FG-IR-18-384 / CVE-2018-13379 at the time of the actor's scan, but may since have been patched but the passwords not reset. Please note that a password reset following upgrade is critical to protecting against this vulnerability as described in the References below.

If your organization was at any time running an affected version listed below, Fortinet recommends taking immediate action to ensure these credentials cannot be abused.

Disable all VPN (SSL-VPN or IPSEC) that may be enabled until the following remediation steps have been taken.

If you have not upgraded your device from an affected version, do so immediately to the latest available release, as detailed below.

Treat all credentials as potentially compromised and perform an organization-wide password reset.

Implement multi-factor authentication, which will help mitigate the abuse of any compromised credentials now and in the future.

Recommended Upgrade:

Upgrade to FortiOS 5.4.13, 5.6.14, 6.0.11 or 6.2.8 and above. These are the most recent releases for all originally impacted releases and contain additional recommended fixes.
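The following is an added example, not part of Fortinet's notice: a small triage script that applies the remediation steps above to a device inventory, flagging firmware below the recommended release for its branch and, in particular, devices that were upgraded but whose passwords were not reset afterwards. The inventory fields (`firmware`, `upgraded_on`, `last_password_reset`, `mfa`) and the sample devices are constructed for illustration, and the inventory is assumed to contain only devices that ran an affected release at some point.

```python
import re
from datetime import date

# Recommended minimum patch level per FortiOS branch, taken from the notice.
MIN_RELEASE = {(5, 4): 13, (5, 6): 14, (6, 0): 11, (6, 2): 8}

def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'FortiOS v6.0.9'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def needs_upgrade(version):
    """True/False for branches the notice names, None when it does not say."""
    if version is None:
        return None
    floor = MIN_RELEASE.get(version[:2])
    return None if floor is None else version[2] < floor

def actions(device):
    """Return the outstanding remediation steps for one inventory record."""
    todo = []
    state = needs_upgrade(parse_version(device["firmware"]))
    if state is None:
        todo.append("review-version-manually")  # branch not listed in the notice
    elif state:
        todo.append("upgrade")
    reset = device.get("last_password_reset")
    upgraded = device.get("upgraded_on")
    # A reset only counts if it happened after the upgrade to a fixed release.
    if state or reset is None or upgraded is None or reset < upgraded:
        todo.append("reset-passwords")
    if not device.get("mfa"):
        todo.append("enable-mfa")
    return todo

# Constructed sample inventory (hypothetical devices and dates).
INVENTORY = {
    "fw-a": {"firmware": "FortiOS v6.0.9", "mfa": False},
    "fw-b": {"firmware": "FortiOS v6.2.8", "upgraded_on": date(2020, 8, 1),
             "last_password_reset": date(2019, 11, 15), "mfa": True},
    "fw-c": {"firmware": "FortiOS v5.6.14", "upgraded_on": date(2021, 9, 9),
             "last_password_reset": date(2021, 9, 10), "mfa": True},
    "fw-d": {"firmware": "FortiOS v6.4.6", "mfa": True},
}

if __name__ == "__main__":
    for name, dev in INVENTORY.items():
        print(name, actions(dev) or "no action outstanding")
```

Device `fw-b` is the case the notice stresses: it already runs a recommended release, but its last password reset predates the upgrade, so it is still flagged.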

References

Please see previous communications on this issue for more details:

Blog (Sept 8, 2021) https://www.fortinet.com/blog/psirt-blogs/malicious-actor-discloses-fortigate-ssl-vpn-credentials

Blog (July 16, 2020) https://www.fortinet.com/blog/psirt-blogs/atp-29-targets-ssl-vpn-flaws

Customer Support Bulletin (July 16, 2020) CSB-200716-1

© 2021 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc., and other names herein may also be trademarks of Fortinet or third parties. The information herein is provided for remedial purposes and is designed to assist customers in action that may be helpful to the customer. Nothing herein represents any binding commitment or admission by Fortinet, and Fortinet disclaims all representations and warranties. All Fortinet end-customers are bound by the terms of Fortinet’s current End User License Agreement.


