Following the FortiGate SSL-VPN vulnerability, Fortinet has advised upgrading FortiOS on FortiGate devices to FortiOS 5.4.13, 5.6.14, 6.0.11 or 6.2.8 or higher, and changing the VPN passwords for both SSL and IPSEC. Details below.
Fortinet is aware that a malicious actor has disclosed SSL-VPN access information to 87,000 FortiGate SSL-VPN devices. These credentials were obtained from systems which were unpatched against FG-IR-18-384 / CVE-2018-13379 at the time of the actor's scan, but may since have been patched but the passwords not reset. Please note that a password reset following upgrade is critical to protecting against this vulnerability as described in the References below.
If your organization was at any time running an affected version listed below, Fortinet recommends taking immediate action to ensure these credentials cannot be abused.
- Disable all VPN (SSL-VPN or IPSEC) that may be enabled until the following remediation steps have been taken.
- If you have not upgraded your device from an affected version, do so immediately to the latest available release, as detailed below.
- Treat all credentials as potentially compromised and perform an organization-wide password reset.
- Implement multi-factor authentication, which will help mitigate the abuse of any compromised credentials now and in the future.
Recommended Upgrade:
Upgrade to FortiOS 5.4.13, 5.6.14, 6.0.11 or 6.2.8 and above. These are the most recent releases for all originally impacted releases and contain additional recommended fixes.
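As an added example (not Fortinet's code or part of the original notice), the following script checks a small device inventory against the minimum fixed releases named above, per FortiOS branch; hostnames and version strings are constructed, and a "patched" result only covers the firmware version, it does not replace the password reset the notice requires.

```python
# Added example: is a FortiOS version at or above the fixed release
# that the Fortinet notice names for its branch?
import re

# Minimum fixed releases from the notice, keyed by branch (major, minor).
FIXED_RELEASES = {
    (5, 4): (5, 4, 13),
    (5, 6): (5, 6, 14),
    (6, 0): (6, 0, 11),
    (6, 2): (6, 2, 8),
}

# Matches the leading "v6.0.10" part of a string such as "v6.0.10,build0365".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a FortiOS version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return 'patched', 'unpatched' or 'unknown-branch' for one device.

    Branches the notice does not list (for example 6.4.x) are reported as
    'unknown-branch' so they are reviewed by hand rather than assumed safe.
    """
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return "unknown-branch"
    return "patched" if (major, minor, patch) >= fixed else "unpatched"


def triage(inventory):
    """Map device name -> status for a dict of {name: version string}."""
    return {name: assess(ver) for name, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "fgt-branch-01": "v6.0.10,build0365",
    "fgt-branch-02": "v6.2.9,build1234",
    "fgt-hq-01": "v5.6.14,build1727",
    "fgt-lab-01": "v6.4.5,build1828",
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```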
References
Please see previous communications on this issue for more details:
- Blog (Sept 8, 2021) https://www.fortinet.com/blog/psirt-blogs/malicious-actor-discloses-fortigate-ssl-vpn-credentials
- Blog (July 16, 2020) https://www.fortinet.com/blog/psirt-blogs/atp-29-targets-ssl-vpn-flaws
- Customer Support Bulletin (July 16, 2020) CSB-200716-1