Two particularly concerning vulnerabilities continue to plague organizations worldwide: CVE-2018-13379, a path traversal vulnerability in Fortinet’s FortiGate SSL VPN devices, and CVE-2022-40684, an authentication bypass flaw affecting Fortinet FortiOS, FortiProxy, and FortiManager. Even years after their disclosure, critical VPN vulnerabilities continue to enable threat actors to steal credentials and gain administrative control over corporate networks at an unprecedented scale. CVE-2018-13379, despite being nearly five years old, remains on CISA’s list of routinely exploited vulnerabilities, providing attackers with direct access to plaintext credentials without requiring advanced tools or expertise. Threat actors are sharing sophisticated, Python-based tools designed to exploit these vulnerabilities at scale, which shows an automated PoC for CVE-2018-13379 shared on a cybercriminal forum. ReliaQuest researchers identified a staggering 4,223% increase in chatter related specifically to Fortinet VPNs on cybercriminal forums since 2018, highlighting threat actors’ growing focus on exploiting these vulnerabilities. Organizations must prioritize patching these vulnerabilities and implement network segmentation, multi-factor authentication, and continuous monitoring to protect their VPN infrastructure from these increasingly sophisticated attacks. The exploit code, capable of scanning up to 5 million IPs daily, automates the creation of administrative accounts, extraction of sensitive data, and deployment of malicious policies, all while generating organized output files detailing successful exploits and vulnerable servers. VPN infrastructure has become a prime target for cybercriminals and state-sponsored actors, with vulnerabilities in these systems serving as gateways to widespread organizational compromise. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Both maintain an alarming 97% Exploit Prediction Scoring System (EPSS) score, placing them among the top 3% of vulnerabilities most likely to be exploited within the next 30 days. The research team also discovered that 64% of VPN vulnerabilities are directly linked to ransomware campaigns, demonstrating how quickly attackers monetize stolen credentials. The enduring popularity of these vulnerabilities stems from their effectiveness and the slow pace of patching across organizations. This breach exposed sensitive data including IP addresses, VPN credentials, and configuration files from government and private sector organizations.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Mar 2025 11:30:21 +0000