CVE-2018-13379

Vulnerability Profile
CVE-2018-13379 is a critical vulnerability in the SSL VPN web portal of Fortinet's FortiOS: a path traversal that lets an unauthenticated attacker download system files with a crafted HTTP request, including the session file that holds plaintext VPN credentials. It has been exploited so persistently that it appeared on the joint top-routinely-exploited lists for both 2020 and 2021, and it is one of the oldest vulnerabilities still being actively exploited, dating back to 2018. Its main role in intrusions is initial access to victim networks. The Play ransomware group is among the actors known to exploit it: Play typically gains initial access by abusing valid accounts and exploiting public-facing applications, specifically known vulnerabilities in FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (ProxyNotShell, CVE-2022-41040 and CVE-2022-41082). In the joint advisory on the top routinely exploited vulnerabilities of 2022, CVE-2018-13379 headed the list, followed by the ProxyShell bugs and a flaw in Zoho ManageEngine ADSelfService Plus (CVE-2021-40539). In an earlier campaign, an Advanced Persistent Threat (APT) actor chained CVE-2018-13379 for initial network access with the Windows Netlogon vulnerability (CVE-2020-1472, ZeroLogon) to take over Active Directory domain controllers and escalate privileges within the network. These continuing exploitations underscore why even older vulnerabilities like CVE-2018-13379 must be patched: they still present significant risk.
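The profile describes the impact (credential exposure) and the actors using the bug, but not what exploitation looks like on the wire or how to tell whether a given appliance is in scope. As an added example, not part of the original profile page and not Fortinet's own tooling, the Python below does two things a defender would actually want: it checks a FortiOS version string against the affected ranges published in the NVD entry (6.0.0 to 6.0.4, 5.6.3 to 5.6.7, 5.4.6 to 5.4.12), and it scans access-log lines for the known request pattern, a path traversal in the lang parameter of /remote/fgt_lang aimed at the sslvpn_websession file. The log format, the IP addresses and the sample lines are constructed for the example; the request pattern is the widely published indicator for this CVE rather than something the profile itself states.

```python
import re
from urllib.parse import unquote

# Affected FortiOS builds as listed in the NVD entry for CVE-2018-13379
# (inclusive ranges). Assumed complete for this example.
AFFECTED_RANGES = [
    ((5, 4, 6), (5, 4, 12)),
    ((5, 6, 3), (5, 6, 7)),
    ((6, 0, 0), (6, 0, 4)),
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '6.0.4' or 'v6.0.4' into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """True if the given FortiOS version falls inside an affected range."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


# Combined-style access log line (constructed format for this example):
# <src> - - [<timestamp>] "<method> <target> <proto>" <status> <bytes>
_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
_TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def classify_request(target):
    """Return a detection label for a request target, or None if benign.

    The known exploit pattern is a traversal in the lang parameter of
    /remote/fgt_lang that reaches /dev/cmdb/sslvpn_websession, the file holding
    plaintext VPN session credentials. Decoding twice catches single and double
    URL-encoded traversal sequences.
    """
    decoded = unquote(unquote(target))
    if not decoded.startswith("/remote/"):
        return None
    if "sslvpn_websession" in decoded.lower():
        return "session-file-read"
    if _TRAVERSAL_RE.search(decoded):
        return "path-traversal"
    return None


def scan_access_log(lines):
    """Return (src_ip, status, target, label) for every suspicious request."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a line in the format we understand; skip rather than guess
        label = classify_request(m["target"])
        if label:
            hits.append((m["src"], int(m["status"]), m["target"], label))
    return hits


# Constructed sample log: two exploitation attempts from one source (plain and
# URL-encoded), one generic traversal probe, and two benign portal requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:08:01:12 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 4511',
    '198.51.100.23 - - [10/Jan/2024:08:01:40 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 28321',
    '198.51.100.23 - - [10/Jan/2024:08:01:41 +0000] "GET /remote/fgt_lang?lang=..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession HTTP/1.1" 200 28321',
    '203.0.113.9 - - [10/Jan/2024:08:02:03 +0000] "POST /remote/logincheck HTTP/1.1" 200 322',
    '192.0.2.44 - - [10/Jan/2024:08:02:55 +0000] "GET /remote/fgt_lang?lang=../../../../etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ver in ("5.4.12", "6.0.4", "6.0.5", "6.2.0"):
        print(f"FortiOS {ver}: {'AFFECTED' if is_affected(ver) else 'not affected'}")
    for src, status, target, label in scan_access_log(SAMPLE_LOG):
        # A 200 with a large body on a session-file-read request means the file
        # was most likely served: treat every VPN session in it as compromised.
        print(f"{label:18} {status} {src} {target}")
```

The version check is only a first filter: an appliance that was vulnerable at any point and exposed its SSL VPN portal should be treated as having leaked credentials, so the patch needs to be paired with a VPN credential reset, which is why the log scan reports the response status alongside the source address.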
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
Ransomware
Adlumin
T1078
FortiOS
VPN
exploited
FortiGuard
T1190
ESXi
PaperCut
APT
RMM
Windows
Fortinet
Associated Malware
ID | Type | Votes | Profile Description
LockBit | Unspecified | 1 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter a system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Associated Threat Actors
ID | Type | Votes | Profile Description
POLONIUM | Unspecified | 2 | Polonium is a threat actor group, believed to be based in Lebanon, that has been responsible for significant cyberattacks on Israel's operational technology (OT) and critical infrastructure. In December, Israel's National Cyber Directorate issued warnings that Polonium had targeted critical sectors
Phosphorus | Unspecified | 1 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Log4Shell | Unspecified | 2 | Log4Shell is a software vulnerability in the popular Java logging library Log4j. Identified as CVE-2021-44228, it allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent
ProxyShell | Unspecified | 2 | ProxyShell is a chain of critical vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) in Microsoft Exchange email servers that attackers can exploit to gain unauthorized access to systems. The vulnerabilities were actively exploited by threat actors, cau
CVE-2022-41040 | Unspecified | 2 | CVE-2022-41040 is a software vulnerability disclosed in late September 2022 together with another flaw, CVE-2022-41082. The two zero-day vulnerabilities are collectively known as ProxyNotShell and were exploited to compromise Microsoft Exchange through the proxy mechanism
CVE-2022-41082 | Unspecified | 2 | CVE-2022-41082 is a critical remote code execution (RCE) vulnerability in Microsoft Exchange Server, one of two zero-day vulnerabilities disclosed together, the other being CVE-2022-41040. The RCE flaw presents a significant threat as it enables attack
CVE-2020-12812 | Unspecified | 2 | None
ProxyNotShell | Unspecified | 2 | ProxyNotShell is a pair of vulnerabilities in Microsoft Exchange Server: CVE-2022-41040, a server-side request forgery, chained with CVE-2022-41082, which yields remote code execution. The exploit method leveraged an AutoDiscover endpoint t
CVE-2021-34473 | Unspecified | 1 | CVE-2021-34473 is a significant vulnerability in Microsoft Exchange Server. Together with CVE-2021-31207 and CVE-2021-34523 it forms the chain of vulnerabilities known as ProxyShell, which remote attackers can exploit together to
CVE-2021-34523 | Unspecified | 1 | None
CVE-2021-40539 | Unspecified | 1 | None
ProxyNotShell CVE-2022-41040 | Unspecified | 1 | None
Follina | Unspecified | 1 | Follina, also known as CVE-2022-30190, is a notable vulnerability discovered and exploited in the first half of 2022. The flaw, in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a threat actor group with suspected ties to China. The grou
CVE-2020-1472 | Unspecified | 1 | CVE-2020-1472, also known as ZeroLogon, is a critical-severity privilege escalation flaw in Microsoft's Netlogon Remote Protocol, patched by Microsoft on August 11, 2020. It allows attackers to gain administrative access to a Windows domain controller without
ProxyNotShell CVE | Unspecified | 1 | None
CVE-2021-31207 | Unspecified | 1 | CVE-2021-31207 is a security feature bypass vulnerability in Microsoft Exchange Server and one of the three ProxyShell flaws. Advanced Persistent Threat group APT40 has been observed rapidly exploiting it alongside other public vulnerabilities in widely used software such as Log4j (CVE-2021-44228) and M
Source Document References
Information about the CVE-2018-13379 vulnerability was read from the documents below.
Source | Created | Title
InfoSecurity-magazine | 17 days ago | Ransomware Groups Prioritize Defense Evasion for Data Exfiltration
CERT-EU | 5 months ago | Sensor Intel Series: Top CVEs in December 2023
DARKReading | 6 months ago | 'Midnight Blizzard' Breached HPE Email Months Before Microsoft Hack
CERT-EU | 7 months ago | Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU | 7 months ago | Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
BankInfoSecurity | 7 months ago | Breach Roundup: MongoDB Blames Phishing Email for Breach
CISA | 7 months ago | #StopRansomware: Play Ransomware | CISA
CERT-EU | 7 months ago | Play Ransomware: SafeBreach Coverage for US-CERT Alert (AA23-352A)
MITRE | 7 months ago | Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 | Microsoft Security Blog
DARKReading | 8 months ago | Iran Threatens Israel's Critical Infrastructure With 'Polonium' Proxy
CERT-EU | 8 months ago | Ransomware Dwell Time Hits Low of 24 Hours | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 8 months ago | Sensor Intel Series: Top CVEs in October 2023
CERT-EU | 10 months ago | Cybercriminals can go from click to compromise in less than a day | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 10 months ago | PLAY Cyber Attack: 6 New Victims Targeted In Ransom Attack
CERT-EU | 10 months ago | Sensor Intel Series: Top CVEs in August 2023 | F5 Labs
BankInfoSecurity | a year ago | Feds Urge Immediate Patching of Zoho and Fortinet Products
BankInfoSecurity | a year ago | Feds Urge Immediately Patching of Zoho and Fortinet Products
CERT-EU | a year ago | Qualys Top 20 Exploited Vulnerabilities | Qualys Security Blog
CERT-EU | a year ago | Play Ransomware Targets Victims Via MSPs' RMM Software
BankInfoSecurity | a year ago | Play Ransomware Using MSPs and N-Days to Attack