Critical FortiOS Vulnerability (CVE-2019-5591) Actively Exploited to Bypass 2FA on FortiGate Firewalls

Fortinet has issued a warning about the active exploitation of a critical vulnerability in FortiOS, identified as CVE-2019-5591 with a CVSS score of 7.5. This vulnerability allows attackers to bypass two-factor authentication (2FA) on FortiGate firewalls, potentially granting unauthorized access to networks. The vulnerability, which is five years old, affects unpatched versions of FortiOS. It stems from improper handling of requests in the SSL VPN module, enabling attackers to manipulate the authentication process and gain access without valid credentials. Specifically, the vulnerability allows an unauthenticated attacker to log in to the device using the SSL VPN portal with the credentials of a VPN user, bypassing the 2FA protection. The exploitation of this vulnerability is particularly concerning because 2FA is a critical security measure designed to protect against unauthorized access. By bypassing 2FA, attackers can potentially infiltrate networks and exfiltrate sensitive data or launch further attacks. The fact that this vulnerability is being exploited five years after its discovery highlights the importance of timely patching and the persistent threat posed by known vulnerabilities. Fortinet has confirmed that the vulnerability is being actively exploited but has not provided specifics on the number of attacks or the sectors affected. Notably, there is no mention of recent updates or patches to mitigate the risk, which underscores the importance of applying available patches and implementing additional security measures. For cybersecurity professionals, this incident highlights the critical importance of keeping systems up-to-date with the latest security patches. It also serves as a reminder of the ongoing threat posed by known vulnerabilities, even those that are several years old. Organizations using FortiGate firewalls should prioritize patching this vulnerability and consider implementing additional security controls to mitigate the risk of exploitation. This could include network segmentation, enhanced monitoring, and the implementation of additional authentication mechanisms. In conclusion, the active exploitation of CVE-2019-5591 is a stark reminder of the importance of proactive cybersecurity measures. Organizations must remain vigilant and ensure that all systems are patched and protected against known vulnerabilities to prevent unauthorized access and potential data breaches.