CVE-2018-13379

Vulnerability updated 23 days ago (2024-11-29T14:00:51.728Z)
Download STIX
Preview STIX
CVE-2018-13379 is a critical vulnerability that affects FortiOS and Fortiguard, presenting a flaw in their software design or implementation. This specific vulnerability, which can expose sensitive credentials, has been frequently exploited, making the top 15 most routinely exploited list in both 2020 and 2021. It is one of the oldest vulnerabilities still being actively exploited, dating back to 2018. It's particularly notable for its role in facilitating initial access to victim networks by threat actors. The Play ransomware group has been known to exploit this vulnerability, among others, as part of their attack strategy. They typically gain initial access to victim networks by abusing valid accounts and exploiting public-facing applications. Specifically, they have exploited known vulnerabilities in FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (ProxyNotShell CVE-2022-41040 and CVE-2022-41082). The Fortinet SSL VPN vulnerability (CVE-2018-13379) was the most routinely exploited bug last year, followed by the ProxyShell bugs and a flaw in Zoho ADSelfService Plus (CVE-2021-40539). More recently, an Advanced Persistent Threat (APT) actor leveraged the Fortinet VPN vulnerability (CVE-2018-13379) for initial network access and a Windows Netlogon vulnerability (CVE-2020-1472) to gain access to Windows Active Directory servers for privilege escalation within the network. These ongoing exploitations underscore the importance of patching even older vulnerabilities like CVE-2018-13379, as they continue to present significant security risks.
Description last updated: 2024-05-04T18:19:13.742Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Vulnerability
Ransomware
Fortios
Vpn
Adlumin
T1078
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The POLONIUM Threat Actor is associated with CVE-2018-13379. Polonium is a threat actor group, believed to be based in Lebanon, that has been responsible for significant cyberattacks on Israel's operational technology (OT) and critical infrastructure. In December, Israel's National Cyber Directorate issued warnings that Polonium had targeted critical sectors Unspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The Proxyshell Vulnerability is associated with CVE-2018-13379. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT acUnspecified
2
The CVE-2022-41040 Vulnerability is associated with CVE-2018-13379. CVE-2022-41040 is a software vulnerability that was discovered in late September 2022, along with another flaw, CVE-2022-41082. These two zero-day vulnerabilities were collectively known as ProxyNotShell. The vulnerabilities were exploited to compromise Microsoft Exchange through the proxy mechanismUnspecified
2
The CVE-2022-41082 Vulnerability is associated with CVE-2018-13379. CVE-2022-41082 is a critical software vulnerability discovered in Microsoft Exchange Servers, which allows for Remote Code Execution (RCE). This flaw is one of two zero-day vulnerabilities found, the other being CVE-2022-41040. The RCE vulnerability presents a significant threat as it enables attackUnspecified
2
The vulnerability CVE-2020-12812 is associated with CVE-2018-13379. Unspecified
2
The Proxynotshell Vulnerability is associated with CVE-2018-13379. ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint tUnspecified
2
The Log4Shell Vulnerability is associated with CVE-2018-13379. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorizedUnspecified
2
Source Document References
Information about the CVE-2018-13379 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
a month ago
CERT-EU
a year ago
InfoSecurity-magazine
5 months ago
CERT-EU
10 months ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CISA
a year ago
CERT-EU
a year ago
MITRE
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago