VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
VPN infrastructure has become a prime target for cybercriminals and state-sponsored actors, with vulnerabilities in these systems serving as gateways to widespread organizational compromise.
Even years after their disclosure, critical VPN vulnerabilities continue to enable threat actors to steal credentials and gain administrative control over corporate networks at an unprecedented scale.
This persistent exploitation demonstrates how older, often overlooked security flaws remain highly effective attack vectors.
Two particularly concerning vulnerabilities continue to plague organizations worldwide: CVE-2018-13379, a path traversal vulnerability in Fortinet’s FortiGate SSL VPN devices, and CVE-2022-40684, an authentication bypass flaw affecting Fortinet FortiOS, FortiProxy, and FortiManager.
Both maintain an alarming 97% Exploit Prediction Scoring System (EPSS) score, placing them among the top 3% of vulnerabilities most likely to be exploited within the next 30 days.
ReliaQuest researchers identified a staggering 4,223% increase in chatter related specifically to Fortinet VPNs on cybercriminal forums since 2018, highlighting threat actors’ growing focus on exploiting these vulnerabilities.
The research team also discovered that 64% of VPN vulnerabilities are directly linked to ransomware campaigns, demonstrating how quickly attackers monetize stolen credentials.
The enduring popularity of these vulnerabilities stems from their effectiveness and the slow pace of patching across organizations.
CVE-2018-13379, despite being nearly five years old, remains on CISA’s list of routinely exploited vulnerabilities, providing attackers with direct access to plaintext credentials without requiring advanced tools or expertise.
.webp)
XSS user shares automated Python-based PoC for CVE-2018-13379 (Source – Reliaquest)
What makes these exploits particularly dangerous is the automation behind them. Threat actors are sharing sophisticated, Python-based tools designed to exploit these vulnerabilities at scale, which shows an automated PoC for CVE-2018-13379 shared on a cybercriminal forum.
Automated Exploitation Changing the Threat Landscape
The industrialization of VPN exploitation was demonstrated in January 2025 when the threat actor Belsen_Group used CVE-2022-40684 to compromise over 15,000 FortiGate devices worldwide.
.webp)
Belsen_Group’s FortiGate breach post on the cybercriminal forum BreachForums (Source – Reliaquest)
This breach exposed sensitive data including IP addresses, VPN credentials, and configuration files from government and private sector organizations.
The exploit code, capable of scanning up to 5 million IPs daily, automates the creation of administrative accounts, extraction of sensitive data, and deployment of malicious policies, all while generating organized output files detailing successful exploits and vulnerable servers.
Organizations must prioritize patching these vulnerabilities and implement network segmentation, multi-factor authentication, and continuous monitoring to protect their VPN infrastructure from these increasingly sophisticated attacks.
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations
Author: Tushar Subhra DuttaVPN infrastructure has become a prime target for cybercriminals and state-sponsored actors, with vulnerabilities in these systems serving as gateways to widespread organizational compromise.
Even years after their disclosure, critical VPN vulnerabilities continue to enable threat actors to steal credentials and gain administrative control over corporate networks at an unprecedented scale.
This persistent exploitation demonstrates how older, often overlooked security flaws remain highly effective attack vectors.
Two particularly concerning vulnerabilities continue to plague organizations worldwide: CVE-2018-13379, a path traversal vulnerability in Fortinet’s FortiGate SSL VPN devices, and CVE-2022-40684, an authentication bypass flaw affecting Fortinet FortiOS, FortiProxy, and FortiManager.
Both maintain an alarming 97% Exploit Prediction Scoring System (EPSS) score, placing them among the top 3% of vulnerabilities most likely to be exploited within the next 30 days.
ReliaQuest researchers identified a staggering 4,223% increase in chatter related specifically to Fortinet VPNs on cybercriminal forums since 2018, highlighting threat actors’ growing focus on exploiting these vulnerabilities.
The research team also discovered that 64% of VPN vulnerabilities are directly linked to ransomware campaigns, demonstrating how quickly attackers monetize stolen credentials.
The enduring popularity of these vulnerabilities stems from their effectiveness and the slow pace of patching across organizations.
CVE-2018-13379, despite being nearly five years old, remains on CISA’s list of routinely exploited vulnerabilities, providing attackers with direct access to plaintext credentials without requiring advanced tools or expertise.
XSS user shares automated Python-based PoC for CVE-2018-13379 (Source – Reliaquest)What makes these exploits particularly dangerous is the automation behind them. Threat actors are sharing sophisticated, Python-based tools designed to exploit these vulnerabilities at scale, which shows an automated PoC for CVE-2018-13379 shared on a cybercriminal forum.
Automated Exploitation Changing the Threat Landscape
The industrialization of VPN exploitation was demonstrated in January 2025 when the threat actor Belsen_Group used CVE-2022-40684 to compromise over 15,000 FortiGate devices worldwide.
Belsen_Group’s FortiGate breach post on the cybercriminal forum BreachForums (Source – Reliaquest)This breach exposed sensitive data including IP addresses, VPN credentials, and configuration files from government and private sector organizations.
The exploit code, capable of scanning up to 5 million IPs daily, automates the creation of administrative accounts, extraction of sensitive data, and deployment of malicious policies, all while generating organized output files detailing successful exploits and vulnerable servers.
Organizations must prioritize patching these vulnerabilities and implement network segmentation, multi-factor authentication, and continuous monitoring to protect their VPN infrastructure from these increasingly sophisticated attacks.
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
