Published on: 2025-03-19

Intelligence Report: US CISA adds Fortinet FortiOSFortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog – Securityaffairs.com

1. BLUF (Bottom Line Up Front)

The Cybersecurity and Infrastructure Security Agency (CISA) has identified and added vulnerabilities in Fortinet FortiOSFortiProxy and GitHub Actions to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities pose significant risks, allowing unauthorized access and potential control over affected systems. Immediate attention and remediation are recommended to mitigate potential exploitation by threat actors.

2. Detailed Analysis

The following structured analytic techniques have been applied for this analysis:

General Analysis

The vulnerabilities identified in Fortinet FortiOSFortiProxy involve an authentication bypass issue that can be exploited to gain super admin privileges. This flaw, tracked as CVE, allows remote attackers to craft requests that bypass authentication, potentially leading to unauthorized access and control over network systems. The GitHub Actions vulnerability involves a supply chain attack where threat actors can modify action code, leading to the exposure of sensitive information.

Researchers from Forescout have reported the exploitation of the Fortinet vulnerability by a threat actor named Mora, who is linked to the LockBit ransomware ecosystem. This actor has demonstrated unique operational signatures, suggesting a sophisticated approach to ransomware deployment.

3. Implications and Strategic Risks

The exploitation of these vulnerabilities poses significant risks to national security and economic interests. The ability of threat actors to gain unauthorized access to critical systems can lead to data breaches, financial losses, and disruptions in operations. The involvement of ransomware groups like Mora and potential links to the LockBit ecosystem highlight the growing complexity and sophistication of cyber threats.

4. Recommendations and Outlook

Recommendations:

• Organizations should immediately apply patches and updates provided by Fortinet and GitHub to mitigate the identified vulnerabilities.
• Implement enhanced monitoring and logging to detect unauthorized access attempts and suspicious activities.
• Conduct regular security audits and penetration testing to identify and address potential vulnerabilities.

Outlook:

In the best-case scenario, rapid adoption of security patches and enhanced monitoring will prevent further exploitation. In the worst-case scenario, continued exploitation could lead to widespread disruptions and financial losses. The most likely outcome involves a mixed response, with some organizations effectively mitigating risks while others remain vulnerable.

5. Key Individuals and Entities

The report mentions significant individuals and organizations such as Mora and Forescout, as well as the LockBit ransomware ecosystem. These entities are central to the analysis of the current threat landscape.