Hacker posts a list of exploits for around 50 000 Fortinet VPNs

A list of one-line exploits with the purpose of stealing VPN credentials from Fortinet VPN devices has been posted yesterday. The vulnerability referred to is CVE-2018-13379, a path traversal flaw impacting a big number of unpatched Fortinet FortiOS SSL VPN devices. Abusing this vulnerability allows remote access to the system for the attackers via specific HTTP requests. Fortinet has issued a statement on the situation, where they reminded their users to update their devices. Read more...