Fortinet Technology Vulnerabilities
May 9th, 2023 |
Ransomware and payout incidents associated with vulnerabilities in Fortinet security technologies have increased significantly in the past 6 months. This is due to multiple major vulnerabilities that are being actively exploited by attackers.
According to several Cyber Insurance carriers, there has been a 4x increase in claims for customers using Fortinet security technologies, especially Fortinet VPN technologies. Customers that have not updated their Fortinet firmware are susceptible to 20 vulnerabilities that can be leveraged for exploitation of the security devices and the systems they protect.
These exploits enable attackers to execute unauthorized commands and bypass authentication on Fortinet devices as well as remote devices using them for privileged access.
The following CVEs are just a few of the various Fortinet exploits:
-
CVE-2023-27999 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
-
CVE-2022-40682 An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 – 7.0.7, 6.4.0 – 6.4.9, 6.2.0 – 6.2.9 and 6.0.0 – 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.
-
CVE-2022-40684 An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
-
CVE-2022-42469 A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal.
-
CVE-2022-40679 An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
To learn about more Fortinet CVEs – click here.
Acreto Solution
Acreto can protect even Internet-touching technologies (including Fortinet appliances) quickly and simply without products or re-architecture.
Acreto Ecosystems use advanced isolation capabilities to protect systems that interoperate, especially Internet-touching devices such as firewalls and routers that can not be protected behind another device.
An organization could also make use of Isolated Data Flows. This can be used to limit access to specified sources and destinations between network protocols and ports, and application protocols, as well as application programs. This can prevent authenticated attackers from executing OS commands remotely on the affected devices.
Ecosystems
Ecosystems deliver a dedicated security infrastructure that can be deployed per application, use-case, project or third-party. An Ecosystem inherently limits access only to users, devices, systems and applications that need to interoperate together.
Ecosystems support any technology, on any network, anywhere in the world. These include computers, mobile devices, IoTs, Offices, Clouds, SaaS and Data Centers.
Ecosystems can be configured as:
Open → With inbound or outbound access from or to the Internet or a third-party
Closed → Fully contained with access limited to Ecosystem members
Hybrid → Where some systems have inbound or outbound Internet access while others operate fully contained.
Eliminate the Internet Attack Surface
Eliminates any and all access from the Internet while Ecosystem members can interoperate with authorized systems and applications.
Eliminate the Internal Attack Surface
Ecosystems can easily isolate individual or groups of systems on a shared network or entire networks, to limit access only to systems that need to interoperate together. This is done with
-
Micro-Segmentation Segmenting groups of systems on any shared network, including hostile networks or the entire network.
-
Nano-Segmentation Isolating an individual system, device or application to limit access only to other authorized Ecosystem members.
Isolated Data Flows
Isolated data flows can be defined between two Ecosystem members to limit access to specified sources and destinations, network protocols and ports, application protocols as well as application programs.
Simplicity
-
Acreto Ecosystems are very easy to provision and deploy. There are no hardware dependencies or associated logistics.
-
Provisioning an Ecosystem takes 3-5 minutes. Simply provide a unique name to the Ecosystem then choose the bandwidth desired and within a few minutes your Ecosystem providing a dedicated security infrastructure is ready.
-
Depending on your connection options for Ecosystem members, deployment can take between 10 minutes to a few hours.
Encrypted Secure Scan
Secure Scan addresses a key weakness in many security tools today. 90%+ of all communications is encrypted, yet only 10% of organizations have the means to secure these communications. Encrypted Secure Scan decrypts, scans, and re-encrypts communications inline and in real-time.
Any malicious content embedded in the encrypted payload is blocked, otherwise the clean and validated communication is delivered to its final destination.
Controls
Access Control
Identity with MFA
-
User Authorizes access to the Ecosystem by a user’s identity, including MFA, as authenticated by the organizations’ Directory Services such as Active Directory or LDAP, as well as third-party Identity Service Providers such as Okta, Ping, Duo, and CloudJump among others.
-
Device Specifies a unique identity to each device to validate that a specified device that does not rely on a user to operate – such as an autonomous application or IoT, is allowed to join the Ecosystem.
Network Protocol / Port
Control the network protocol (TCP, UDP, ICMP) and Port (1-65535) any Ecosystem member can use to communicate with any other Ecosystem member or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.
Application Protocol
Control the application protocol (HTTP, DNS, SMTP, SMB, etc…) any Ecosystem member can use to communicate with any other Ecosystem members or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.
Application Program
Control the application program (MS-Exchange, Oracle, Facebook, GMail, etc…) any Ecosystem member can use to communicate with any other Ecosystem members or Internet resource by IP, user or device identity. Both inbound and outbound Internet flows are supported.
Threat Prevention
After verification of network protocol, port, application protocol and application program, a deep inspection is performed on all communications. The effectiveness of this method is amplified by inline Encrypted Secure Scan. Threat prevention capabilities utilize two key methods:
-
Threat Signature: Identifies and mitigates known bad exploits, malware, botnets and ransomware.
-
Zero-Day Behavioral Analysis: Looks for behavioral indications of threats based on how system functions react to the payload, immediately and over time.
About Acreto
Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.