Friday, January 22, 02:30
Home security Hacker announced exploits for about 50.000 vulnerable Fortinet VPNs!

Hacker announced exploits for about 50.000 vulnerable Fortinet VPNs!

A hacker has published a list of one-line exploits aimed at theft credentials of approximately 50.000 Fortinet VPNs Appliances. The list of vulnerable targets includes domains owned by banks and government agencies around the world. The vulnerability reported is CVE-2018-13379, a path-traversal vulnerability affecting a large number of unmatched devices Fortinet FortiOS SSL VPN. Taking advantage of this vulnerability, the hackers can acquire access in system files via specially processed HTTP requests.

Hacker announced exploits for about 50.000 vulnerable Fortinet VPNs!

The exploits posted by the hacker allow access to files sslvpn_websession from Fortinet VPNs and stealing connection credentials. The stolen credentials can then be used to breach a network, as well as to develop ransomware. Although the 2018 vulnerability was publicly revealed a year ago, researchers have identified about 50.000 targets that are still vulnerable to attacks.

Last week, the threat intelligence analyst Bank_Security found a thread in a hacking forum, in which a cybercriminal shared a list of devices of about 50.000 such exploitable targets. After analyzing the list, it was found that among the vulnerable targets are government sectors from around the world, including banks and financial services companies.

Hacker announced exploits for about 50.000 vulnerable Fortinet VPNs!

According to BleepingComputer, of the 50.000 domains, most belonged to banking, financial and government agencies. In addition, the Bank Security analyst told BleepingComputer that after seeing the hacker post on the forum, he began analyzing the list of IPs to determine if and to what extent the targeted organizations were affected. The analyst tried to identify the domain names associated with high-profile organizations and banks.

Hacker announced exploits for about 50.000 vulnerable Fortinet VPNs!

The analyst also pointed out that although this is an old and well-known vulnerability whose exploitation is relatively insignificant, organizations have "a very slow" process of repair, which allows attackers to continue to exploit known vulnerabilities.

It is worth noting that hackers have recently exploited the same vulnerability to violate the election systems of USA. Therefore, network administrators and security professionals are advised to correct this serious vulnerability immediately to prevent possible attacks.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...