October 18, 2021
Severity
High
Analysis Summary
Mass scanning activity has been detected from the hosts listed below, targeting Fortinet VPN servers vulnerable to an unauthenticated arbitrary file read (CVE-2018-13379) that leads to the disclosure of usernames and passwords in plaintext.
CVE-2018-13379
A flaw in the FortiOS VPN web portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to download arbitrary files from the system.
Impact
- Information disclosure
- Exposure of sensitive data
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiOS 6.0.0
- Fortinet FortiOS 5.6.3
- Fortinet FortiOS 6.0.4
- Fortinet FortiOS 5.6.7
Indicators of Compromise
IP
- 85[.]114[.]101[.]173
- 45[.]155[.]204[.]227
- 45[.]227[.]253[.]141
- 193[.]27[.]228[.]77
- 5[.]188[.]86[.]100
- 45[.]9[.]20[.]207
- 45[.]155[.]204[.]233
- 185[.]191[.]32[.]158
- 193[.]56[.]146[.]116
- 212[.]47[.]252[.]74
- 195[.]123[.]222[.]53
- 66[.]115[.]145[.]233
- 66[.]211[.]112[.]9
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Refer to FortiGuard Advisory FG-IR-18-384 for patch, upgrade or suggested workaround information.
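The following script is an added example for the "Search for IOCs in your environment" step above; it is not Rewterz's or Fortinet's tooling. It refangs the IP indicators listed in this alert, validates them, and then scans web-server access logs for two things: requests sourced from those IPs, and request paths that contain a "dot dot" (/../) traversal segment after URL decoding, which is the request shape the CVE-2018-13379 description above refers to. It assumes logs in the common/combined log format; the sample log lines embedded in it are constructed for the demonstration and are not real traffic.

```python
import ipaddress
import re
from urllib.parse import unquote

# IP indicators exactly as listed in the alert, in defanged "[.]" form.
DEFANGED_IOCS = [
    "85[.]114[.]101[.]173", "45[.]155[.]204[.]227", "45[.]227[.]253[.]141",
    "193[.]27[.]228[.]77", "5[.]188[.]86[.]100", "45[.]9[.]20[.]207",
    "45[.]155[.]204[.]233", "185[.]191[.]32[.]158", "193[.]56[.]146[.]116",
    "212[.]47[.]252[.]74", "195[.]123[.]222[.]53", "66[.]115[.]145[.]233",
    "66[.]211[.]112[.]9",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 1[.]2[.]3[.]4 back into 1.2.3.4."""
    return ioc.replace("[.]", ".")


def load_iocs(defanged):
    """Refang and validate each indicator; a malformed entry raises ValueError
    here rather than silently never matching anything later."""
    iocs = set()
    for entry in defanged:
        ip = refang(entry)
        ipaddress.ip_address(ip)  # raises if this is not a valid IP literal
        iocs.add(ip)
    return frozenset(iocs)


IOC_SET = load_iocs(DEFANGED_IOCS)

# Constructed sample access-log lines (combined log format). The first and
# third lines use source IPs from the alert; the fourth is an internal host
# sending a traversal request. None of this is real captured traffic.
SAMPLE_LOG = """\
45.155.204.227 - - [18/Oct/2021:10:01:02 +0000] "GET /portal/..%2f..%2f..%2fetc/example HTTP/1.1" 200 1342
10.0.0.5 - - [18/Oct/2021:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 512
193.27.228.77 - - [18/Oct/2021:10:02:11 +0000] "GET /login HTTP/1.1" 200 88
192.168.1.20 - - [18/Oct/2021:10:03:00 +0000] "GET /files/../../../secret.txt HTTP/1.1" 403 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# A ".." that stands alone as a path segment (start or "/" before it, "/" or end after it).
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def has_traversal(path: str) -> bool:
    """True if the request path contains a dot-dot segment once percent-encoding
    is stripped. Decoding twice catches both %2f and double-encoded %252f forms,
    which a plain substring check for "/../" on the raw path would miss."""
    decoded = unquote(unquote(path))
    return TRAVERSAL_RE.search(decoded) is not None


def analyse(log_text: str):
    """Return one dict per suspicious line, with the reasons it was flagged."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, path = m["ip"], m["path"]
        reasons = []
        if ip in IOC_SET:
            reasons.append("ioc_ip")
        if has_traversal(path):
            reasons.append("path_traversal")
        if reasons:
            hits.append({"ip": ip, "ts": m["ts"], "path": path, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in analyse(SAMPLE_LOG):
        print(f"{hit['ts']}  {hit['ip']:<16} {','.join(hit['reasons']):<24} {hit['path']}")
```

A hit on `path_traversal` from a non-IOC address (as with the fourth sample line) is still worth triage: the alert's IP list is a snapshot of scanning hosts on one day, so a request-shape match is the more durable signal for this vulnerability class, while the IP match is the quicker one for the specific campaign described here.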