Public Safety Technology Cybersecurity Network Management IT and Network Support

Cybersecurity Threat Advisory: Fortinet and Microsoft Exchange Vulnerability Exploits

Mike Beagles
Mike Beagles December 2, 2021 2 min read

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Overview

Since March 2021, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have been monitoring an advanced persistent threat (APT) group within Iran’s government that is exploiting a Fortinet vulnerability and a Microsoft Exchange ProxyShell vulnerability from October 2021. These vulnerabilities allow the group to gain initial network access before following up with other tactics, including deploying BitLocker ransomware.

What Is the Threat?

The Iranian APT has been scanning devices on ports 4443, 8443, and 10443 to search for the Fortinet FortiOS vulnerability that is being tracked as CVE-2018-13379. This vulnerability allows an unauthenticated user to initiate a uniquely configured Hypertext Transfer Protocol (HTTP) request that will give the attacker the ability to download system files.

Why Is It Noteworthy?

A state-sponsored APT group possesses numerous resources that will make it a deeply serious adversary in terms of the number of targets the group can attack. It recently was reported that the same APT cyberattackers exploited another FortiGate security appliance in June to infiltrate the environmental control networks of a U.S.-based children’s hospital.

What Is the Risk?

The group also has exploited the Microsoft Exchange ProxyShell vulnerability which is being tracked at CVE-2021-34473. ProxyShell involves multiple Common Vulnerabilities and Exposures (CVE) identifiers in an attack chain that enables unauthenticated attackers to gain remote code execution and obtain plaintext passwords.

What Are the Recommendations?

MCP recommends patching and updating any Microsoft Exchange servers to their latest versions, as well as all Fortinet security applications on the network. The patches that must be deployed immediately can be found in the following CVEs: CVE-2021-34473, CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

References

For more in-depth information about the recommendations, please visit the following links:

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety and justice entities and other critical infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.

Mike Beagles is MCP's director of IT and cybersecurity services. He can be reached here.

Don't forget to share this post!

Mike Beagles
Mike Beagles
Mike has specialized experience with supporting public safety agencies by providing technical expertise, strategic planning and general consulting for new and innovative mission critical technologies as well as legacy solutions. Throughout his long-standing career, he has worked as a technical service manager and network engineer for several public safety software companies, as well as an IT manager with a mid-tier public safety 911/ CAD/RMS/Mobile software provider. His expertise runs deep in team and project management for large and small projects, which he has done for more than 12 years.

Related posts

Cybersecurity

Cybersecurity Threat Advisory: New Microsoft Exchange Zero-Day Vulnerability

October 3, 2022
Mike Beagles
Cybersecurity

Cybersecurity Threat Advisory: Office 365 Zero-Day Attacks

September 14, 2021
Mike Beagles