FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities – April 5, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory(https://www.ic3.gov/Media/News/2021/210402.pdf) (CSA)  to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379), CVE-2020-12812 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12812), and CVE-2019-5591 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5591). APT actors may use these vulnerabilities or other common exploitation techniques to gain initial access to multiple government, commercial, and technology services. Gaining initial access pre-positions the APT actors to conduct future attacks.

CISA encourages users and administrators to review Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks(https://www.ic3.gov/Media/News/2021/210402.pdf) —as well as CISA’s current activity alert(https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios) —and implement the recommended mitigations.

As always, please contact CISA (via email at central@cisa.dhs.gov  or by phone at 1-888-282-0870) to report an intrusion or to request either technical assistance or additional resources for incident response.  

Thank you for your continued collaboration.

Cybersecurity and Infrastructure Security Agency
Defend Today Secure Tomorrow