By Kevin Beaumont
CVE-2018-13379 is being exploited in the wild on FortiGate SSL VPN firewalls. These exist as a perimeter security control, so it's a bad vulnerability.
Using BinaryEdge.io I can see scanning activity from last night for the first time for this vulnerability:
The scanning traffic is taking place across the whole internet it appears, spray and pray style.
The vulnerability is ridiculously easy to exploit, it's a 1996 style pre-auth ../ webserver exploit to read plain text administrator credentials:
May 24th 2019 - Vendor posts advisory - https://fortiguard.com/psirt/FG-IR-18-384
June 4th 2019 - Vendor updates advisory to correct impacted versions
August 9th 2019 - Blog explaining the different vulnerabilities in FortiOS, including this one.
August 14th 2019 - Exploit appears on GitHub and exploitation details posted in TLP Rainbow.
August 17th 2019 - Another exploit, checks if vulnerable before exploit.
August 21st 2019 - Exploitation seen in wild.
By Tim Corless
Came across this on my travels: https://portswigger.net/daily-swig/webmin-backdoor-blamed-on-software-supply-chain-breach
Webmin software was backdoored for over a year. If you're using one of those vulnerable versions, update now!
According to Shodan and some Google dorks, there are quite a lot still vulnerable.