Critical Security Flaw in Fortinet FortiOS SSL Continues to Plague Organizations

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has resurfaced as one of the most frequently exploited vulnerabilities in 2022. Malicious cyber actors have been relentless in their exploitation of CVE-2018-13379, a path traversal defect in the FortiOS SSL VPN web portal. This flaw allows attackers to download FortiOS system files through carefully crafted HTTP resource requests, and its continued weaponization indicates organizations' failure to apply timely patches.

In a joint alert issued by cybersecurity and intelligence agencies from the Five Eyes nations (Australia, Canada, New Zealand, the U.K., and the U.S.), it was revealed that cyber attackers preferred to exploit older software vulnerabilities more frequently than recently disclosed ones. The report highlights the concerning trend of targeting unpatched, internet-facing systems, which leaves organizations vulnerable to attacks.

The advisory suggests that malicious actors prioritize developing exploits for severe and widely known CVEs like CVE-2018-13379. While sophisticated attackers may also target other vulnerabilities, exploiting critical and globally prevalent flaws provides them with low-cost, high-impact tools that can be effective for several years.

Failure to Patch Leaves Organizations Exposed

The prevalence of CVE-2018-13379 in the list of most exploited bugs in 2020, 2021, and now in 2022 is a clear indication that organizations have not adequately addressed this security flaw. The vulnerability's impact can be mitigated by applying patches in a timely manner, but many entities have failed to do so, exposing their systems to potential breaches.

Other Widely Exploited Vulnerabilities

Apart from CVE-2018-13379, there are other vulnerabilities that have been extensively targeted by cyber attackers. Some notable ones include:

• • CVE-2021-34473, CVE-2021-31207, and CVE-2021-34523 (ProxyShell)
• • CVE-2021-40539 (Unauthenticated Remote Code Execution in Zoho ManageEngine ADSelfService Plus)
• • CVE-2021-26084 (Unauthenticated Remote Code Execution in Atlassian Confluence Server and Data Center)
• • CVE-2021-44228 (Log4Shell)
• • CVE-2022-22954 (Remote Code Execution in VMware Workspace ONE Access and Identity Manager)
• • CVE-2022-22960 (Local Privilege Escalation Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation)
• • CVE-2022-1388 (Unauthenticated Remote Code Execution in F5 BIG-IP)
• • CVE-2022-30190 (Follina)
• • CVE-2022-26134 (Unauthenticated Remote Code Execution in Atlassian Confluence Server and Data Center)

Importance of Timely Patching

The U.K.'s National Cyber Security Centre (NCSC) emphasizes that attackers often see the most success within the first two years of a vulnerability's public disclosure. Timely patching is vital in reducing the effectiveness of known, exploitable vulnerabilities. It not only slows down cyber attackers' operations but also forces them to pursue more resource-intensive and time-consuming methods, such as developing zero-day exploits or targeting software supply chains.

Protecting Against Cyber Threats

In the ever-evolving landscape of cybersecurity risks, organizations must prioritize vulnerability management and patching. Staying up to date with the latest security updates and promptly addressing known vulnerabilities is crucial to safeguarding their IT infrastructure against potential cyberattacks.

Conclusion

The resurgence of the critical security flaw CVE-2018-13379 in Fortinet FortiOS SSL serves as a wake-up call for organizations to take vulnerability scanning and patching seriously. Cyber attackers continue to exploit known vulnerabilities, emphasizing the need for timely and robust security measures. By proactively addressing these weaknesses, organizations can significantly enhance their cybersecurity posture and protect themselves from potential breaches.