CVE-2018-13379

Published: 04/06/2019 Updated: 03/06/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 519
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated malicious user to download system files via specially crafted HTTP resource requests.

Vulnerable Product

fortinet fortios

Exploits

# Exploit Title: FortiOS Leak file - Reading login/passwords in clear text # Google Dork: intext:"Please Login" inurl:"/remote/login" # Date: 17/08/2019 # Exploit Author: Carlos E Vieira # Vendor Homepage: www.fortinet.com/ # Software Link: www.fortinet.com/products/fortigate/fortios.html # Version: This vulnerability affect ( For ...

Mailing Lists

FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability ...
This Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file ...

Github Repositories

CVE-2018-13379-FortinetVPN An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. detect-fortinet.sh = Check if the host is running Fortinet VP

Extract Useful info from SSL VPN Directory Traversal Vulnerability (FG-IR-18-384)

FG-IR-18-384 (CVE-2018-13379) Exploitation Tool. Exploit allowing for the recovery of cleartext credentials. This tool is provided for testing purposes only. Only run it against infrastructure for which you have received permission to test. Headnod to those who discovered the exploit, more information by the researcher can be found here: blog.orange.tw/2019/08/attacking-

Credenciais_de_acesso_Fortinet Script for CVE-2018-13379; returns VPN access credentials in clear text. Execute permission: $ sudo chmod +x Fortinet.sh Run the script (Note: a previously prepared ips.txt list is required; only port 10443 is scanned) ./Fortinet.sh

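Fortinet FortiOS path traversal vulnerability (CVE-2018-13379) batch detection script

Usage & disclaimer. This script is a batch detection script for the Fortinet FortiOS path traversal vulnerability (CVE-2018-13379). Usage: Python CVE-2018-13379.py url.txt Vulnerable addresses are written to vul.txt. Affected versions: the SSL VPN in Fortinet FortiOS versions 5.6.3 - 5.6.7 and 6.0.0 - 6.0.4 is affected by this vulnerability. The vulnerability stems from the system failing to correctly filter, in resource or file paths, ...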

CVE-2018-13379 CVE-2018-13379 Module for Router Scan Project. How To Use: prepare pip3 install time,threading,ipcalc,requests usage python3 exp.py -f [list.txt] Copyright: some part of this repository that send tcp response is partly forked from milo2012/CVE-2018-13379 with some changes for APIs of Router Scan Project

CVE-2018-13379 Script for Nmap NSE.

cve2018-13379-nmap-script CVE-2018-13379 Script for Nmap NSE

Fortiscan (CVE-2018-13379) Exploitation Tool. You can use this tool to check the vulnerability in your FortiGate SSL-VPN service. www.fortiguard.com/psirt/FG-IR-18-384

CVE-2018-13379 Exploit

FortiOS-Credentials-Disclosure CVE-2018-13379 Exploit Usage : python CVE-2018-13379.py list.txt

Archiving Leaked samples from Different sources for Different Uses

Vault6 SunBurst : FireEye Tools Supernova_webshell_backdoor APT_Dropper APTs Android Malware Collection : Anubis Source Dendroid Source Leaks : Readmetxt (Mega/Torrent Linksfiles) WinXp_Source WinServer_Source Intel_Leak Nissan_Leak CVE-2018-13379

-Infiltration-summary Summary of day-to-day work. Connecting navicat to a local mysql database: ALTER USER 'root'@'localhost' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER; ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password'; Remote-control study: github.com/TideSec/BypassAntiVirus Lightweight Directory Access Protocol

Fortigate VPN: CVE-2018-13379: Pre-auth arbitrary file reading. In 2019, vulnerabilities in the products of the company Fortinet were disclosed, reported by the researchers niph_ and ramoliks, namely the CVEs: CVE-2018-13379: Pre-auth arbitrary file reading CVE-2018-13380: Pre-auth XSS CVE-2018-13381: Pre-auth heap overflow CVE-2018-13382: The magic

A curated list of my functional exploits...

Public-Exploits A curated list of my functional exploits. About: Public exploits (re)written for learning purpose or pentesting / red teaming assessments. Contents: Centreon Centreon Web CVE-2015-1560, CVE-2015-1561 | Centreon Web Time-Based Blind SQLi to RCE Fortinet Fortigate CVE-2018-13379 | Fortigate SSL-VPN Credentials Stealer CVE-2018-13382 | Fortigate SSL-VPN

Dorks for Google, Shodan and BinaryEdge

Dorks are cool. Dorks for Google, Shodan and BinaryEdge. Only for use on bug bounty programs or in coordination with a legal security assessment. I am in no way responsible for the usage of these search queries. Be responsible, thanks - www.bugcrowd.com/resource/what-is-responsible-disclosure/ This repository is "under construction", feel free to make pull requests

Dataset info & mapping. In this repository we provide a full list of all events that were included in the Dataset, and provide the event mappings to expert rules for both the AlienVault and Sigma rules. Overview: This repository contains the following: events.txt, a txt file listing all events. This full list is also shown in the Section Events below. mappings, a direct

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

CVEs enumerated by FireEye and that should be addressed to limit the effectiveness of the leaked Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

Red Team Operations Execution Handbook

Red Team Practical Handbook. Statement. Author : By klion Date : 2020215 Message : May every remaining day of 2020 be safe and well. Why share: First, to give both the "attack" and "defense" sides a more comprehensive and practical reference. As the old saying goes, "you cannot know defense without knowing attack"; anyone who talks only about "attack" or only about "defense" is being disingenuous. Capable in both attack and defense

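pocassist database. Introduction: this project is the sqlite database file for pocassist. poc changelog 2021-6-16. Vulnerability type, vulnerability ID, vulnerability name: SQL injection poc-10001 zzcms SQL injection; SQL injection poc-10007 phpshe 17 SQL injection; SQL injection poc-10012 Metinfo arbitrary file read vulnerability; SQL injection poc-10013 FineCMS 5010 arbitrary SQL execution; SQL injection poc-10015 Joomla Compone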

Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests and grow the list. Template Directory ├── LICENSE ├── README.md ├── basic-dete

Customized templates originally pulled from `projectdiscovery/nuclei-templates`

Nuclei Templates. Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issue and grow the list. Resources Templates Documentation Contr

Kenzer Templates [1289] TEMPLATE TOOL FILE favinizer favinizer favinizer.yaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638.yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360.yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361.yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841.yaml CVE-2018-16763 jaeles jaeles\

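A roundup of all security news published to the Alpha Lab WeChat official account in 2020

Follow the Alpha Lab WeChat official account. 20201231 [Vulnerability] The 10 most critical CVEs added in 2020 blog.detectify.com/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugs.chromium.org/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that brings data from services such as shodan and censys together in one place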

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

Recent Articles

Emails, chat logs, more leaked online from far-right militia linked to US Capitol riot
The Register • Iain Thomson in San Francisco • 28 Sep 2021

Plus: Other infosec news from this month

In brief Emails, chat logs, membership records, donor lists and other files siphoned from a far-right anti-government self-styled militia were leaked online on Monday, it appears.
Some 5GB of data belonging to the Oath Keepers ‒ at least four of whom have been indicted for and admitted their role in the January 6 storming of the US capitol – was passed to the DDoSecrets Collective and shared online. The membership list contains accounts with 160 US government and military email address...

Researchers compile list of vulnerabilities abused by ransomware gangs
BleepingComputer • Sergiu Gatlan • 18 Sep 2021

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks.
All this started with
, a member of Recorded Future's CSIRT (computer security incident response team), on Twitter over the weekend.
Since then, with the help of several other contributors that joined his efforts, the list quickly grew to include security flaws found in products from over a dozen different s...

Thousands of Fortinet VPN Account Credentials Leaked
Threatpost • Lisa Vaas • 09 Sep 2021

Credentials pilfered from 87,000 unpatched Fortinet SSL-VPNs have been posted online, the company has confirmed.
Or then again, maybe the number is far greater. On Wednesday, BleepingComputer reported that it’s been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer.
The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 de...

Patch now? Why enterprise exploits are still partying like it's 1999
The Register • Davey Winder • 08 Sep 2021

Am I only dreaming, or is this burning an Eternal Blue?

Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example.
Others, however, have not only been long since reported and had patches released, but continue to pose a threat to enterprises. A joint advisory from the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), published in late July, liste...

FBI: APT hackers breached US local govt by exploiting Fortinet bugs
BleepingComputer • Sergiu Gatlan • 27 May 2021

The Federal Bureau of Investigation (FBI) says state-sponsored attackers breached the webserver of a U.S. municipal government after hacking a Fortinet appliance.
"As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government," the FBI's Cyber Division said in a 
 published today.
After gaining access to the local government organization's server, the advanced persistent th...

Iranian hacking group targets Israel with wiper disguised as ransomware
BleepingComputer • Sergiu Gatlan • 25 May 2021

An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign.
The threat actor, tracked as 
 by SentinelLabs researchers, has targeted Israel starting with December 2020.
"Initially engaged in espionage activity, Agrius deployed a set of destructive wiper attacks against Israeli targets, masquerading the activ...

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks
Threatpost • Elizabeth Montalbano • 08 Apr 2021

Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe.
Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379, in Fortinet’s FortiOS. The goal is to gain access to victims' enterprise networks and ultimately deliver ransomware, according to a report by Kaspersky researchers published this week.
“...

New Cring ransomware hits unpatched Fortinet VPN devices
BleepingComputer • Sergiu Gatlan • 07 Apr 2021

A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks.
 (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom) was 
 by Amigo_A in January and 
 by the CSIRT team of Swiss telecommunications provider Swisscom.
The Cring operators drop customized Mimikatz samples, followed by CobaltStrike after gaining initial access and deploy the ransomware payloads ...

'Anomalous surge in DNS queries' knocked Microsoft's cloud off the web last week
The Register • Iain Thomson in San Francisco • 06 Apr 2021

Plus: Top universities hit by data-stealing extortionists

In brief It was a tsunami of DNS queries that ultimately took out a host of Microsoft services, from Xbox Live to Teams, for some netizens about an hour on April Fools' Day, Redmond has said.
Or as the Windows giant put it, the outage was the result of "an anomalous surge in DNS queries from across the globe targeting a set of domains hosted on Azure." In a postmortem examination of the downtime, Microsoft said the flood of requests triggered a programming flaw in its infrastructure that h...

FBI: APTs Actively Exploiting Fortinet VPN Security Holes
Threatpost • Tara Seals • 02 Apr 2021

The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products.
According to an alert issued Friday by the FBI and CISA, cyberattackers are scanning devices on ports 4443, 8443 and 10443, looking for unpatched Fortinet security implementations. Specifically, APTs are ...

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers
BleepingComputer • Sergiu Gatlan • 02 Apr 2021

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits.
In the Joint Cybersecurity Advisory (CSA) published today, the agencies warn admins and users that the state-sponsored hacking groups are actively exploiting Fortinet FortiOS vulnerabilities
,
, and
.
The attackers are enumerating servers unpatched...

Passwords exposed for almost 50,000 vulnerable Fortinet VPNs
BleepingComputer • Ax Sharma • 25 Nov 2020

A hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs.
Over the weekend a hacker had posted a list of
 for CVE-2018-13379 to steal VPN credentials from these devices, as reported by BleepingComputer.
Present on the list of vulnerable targets are domains belonging to high street banks, telecoms, and government organizations from around the world.
The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access ...

Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs
BleepingComputer • Ax Sharma • 22 Nov 2020

A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices.
Present on the list of vulnerable targets are domains belonging to high street banks and government organizations from around the world.
The vulnerability being referred to here is CVE-2018-13379, a path traversal flaw impacting a large number of unpatched FortiNet FortiOS SSL VPN devices.
By exploiting this vulnerability, unauthenticated remote attackers can a...

Attackers chain Windows, VPN flaws to target US government agencies
welivesecurity • 13 Oct 2020

Threat actors have been chaining vulnerabilities in Windows and Virtual Private Network (VPN) services to target various government agencies, critical infrastructure and election organizations, according to a warning by the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). The technique, which involves exploiting several flaws over the course of a single attack to infiltrate an organization’s network, is part of the gangs’ ram...

Election Systems Under Attack via Microsoft Zerologon Exploits
Threatpost • Lindsey O'Donnell • 13 Oct 2020

U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems.
Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively exploiting the flaw (CVE-2020-1472), the Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory warning of further attacks.

The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open
The Register • Shaun Nichols in San Francisco • 12 Oct 2020

'Unauthorized access to elections support systems' detected tho 'no evidence to date that integrity of elections data has been compromised' Big US election coming up, security is vital and, oh look... a federal agency just got completely pwned for real

If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. And then make sure you've patched them.
Uncle Sam's Dept of Homeland Security has this month identified at least six possible routes into the nation's computer systems, and the method used to gain total control over the machines once inside. Those six vulnerabilities are...
...plus CVE-2020-1472, aka ZeroLogon, in Microsoft Windows, w...

Iranian hackers are selling access to corporate networks
BleepingComputer • Sergiu Gatlan • 01 Sep 2020

An Iranian-backed hacker group has been observed while seeking to sell access to compromised corporate networks to other threat actors on underground forums and attempting to exploit F5 BIG-IP devices vulnerable to CVE-2020-5902 exploits.
The Iranian hackers have been active since at least 2017 and are being tracked as Pioneer Kitten by cyber-security firm Crowdstrike, as Fox Kitten [
,
] by threat intelligence firm ClearSky, and as
[
,
] by ICS security f...

Hackers Look to Steal COVID-19 Vaccine Research
Threatpost • Tara Seals • 16 Jul 2020

Threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the U.S.
That’s according to a joint alert from the U.S. Department of Homeland Security (DHS), the U.K.’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE), issued Thursday.
The 14-page advisory details the recent activity of Russi...

NSA releases guidance on securing IPsec Virtual Private Networks
BleepingComputer • Sergiu Gatlan • 02 Jul 2020

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.
Besides providing organizations with recommendations on how to secure IPsec tunnels, NSA's VPN guidance also highlights the importance of using strong cryptography to protect sensitive info contained within traffic while traversing untrusted networks when connecting to remote servers.
Following these recommendations...

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
Threatpost • Elizabeth Montalbano • 08 Oct 2019

State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.
The National Security Agency (NSA) issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–C...

Fortinet patches bug letting attackers takeover servers remotely
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations.
The security flaw discovered by Rapid7 researcher William Vu is yet to receive a CVE ID, and it impacts Fortinet FortiWeb versions 6.3.11 and earlier.
Successful exploitation allows authenticated attackers to execute arbitrary commands as the root user on the under...

Fortinet delays patching zero-day allowing remote server takeover
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August.
Successful exploitation can let authenticated attackers execute arbitrary commands as the root user on the underlying system via the SAML server configuration page.
While attackers must be authenticated to the management interface of the targeted FortiWeb device to abuse this bug, they can easily chain it with other vulnerabilitie...

Hackers used VPN flaws to access US govt elections support systems
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that advanced persistent threat (APT) actors used this vulnerability chaining tactic to target federal and SLTT (state, local, tribal, and territorial) government networks, as well as election organizations, and critical infrastructure....