How can we help?
Fortinet have updated their advisory for CVE-2018-13379 to acknowledge the publication of 87,000 stolen credentials. These are believed to have been collected in the same way as a previous leak of 50,000 passwords for the same devices.
FortiGate users who were previously vulnerable to this exploit may have had their credentials leaked.
This is historic data so even patched devices may have credentials in the data.
FortiOS 6.0 – 6.0.0 to 6.0.4
FortiOS 5.6 – 5.6.3 to 5.6.7
FortiOS 5.4 – 5.4.6 to 5.4.12
Containment, Mitigations & Remediations
FortiGates support MFA which would prevent a malicious actor from logging in with stolen credentials. Impacted companies may wish to review wider exposure to risk as IP addresses and usernames are exposed. This may facilitate separate targeting of accounts or individuals that are now known to have a level of privilege within the organisation.