Fortinet: New FortiOS bug used as zero-day to attack govt networks
Security News, March 2023
Unknown attackers have been exploiting a new FortiOS bug, patched this month, as a zero-day in attacks on government and large-organization networks; the intrusions led to OS and file corruption and data loss.
The list of affected products includes FortiOS version 6.4.0 through 6.4.11, FortiOS version 7.0.0 through 7.0.9, FortiOS version 7.2.0 through 7.2.3, and all versions of FortiOS 6.0 and 6.2.
To patch the security flaw, admins have to upgrade vulnerable products to FortiOS 6.4.12 or later, FortiOS 7.0.10 or later, or FortiOS 7.2.4 or later. No fixed release is listed for the 6.0 and 6.2 trains, every release of which is affected, so devices on those trains have to move to one of the patched trains.
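The affected and fixed ranges above are easy to misread by hand (6.4.11 is affected, 6.4.12 is not; every 6.0 and 6.2 release is affected with no in-train fix). The following is an added example, not Fortinet's tooling or code from the article: it encodes exactly the ranges the article lists and classifies a version string such as the one printed by a FortiGate console. The sample console line is constructed for the example, and the function names are my own.

```python
"""Classify a FortiOS version against the affected/fixed ranges quoted above.

Added example; the ranges are copied from the article text, nothing else is
assumed about Fortinet's advisory. Function and constant names are hypothetical.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges (inclusive) as stated in the article.
AFFECTED_RANGES = [
    ((6, 4, 0), (6, 4, 11)),
    ((7, 0, 0), (7, 0, 9)),
    ((7, 2, 0), (7, 2, 3)),
]
# Trains where the article says every release is affected and lists no fix.
AFFECTED_TRAINS = [(6, 0), (6, 2)]
# First fixed release per train, as stated in the article.
FIXED = {(6, 4): (6, 4, 12), (7, 0): (7, 0, 10), (7, 2): (7, 2, 4)}


def parse_version(text: str) -> Version:
    """Pull x.y.z out of '7.0.9', 'v7.0.9' or a console 'Version:' line."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True if the version falls inside a range the article lists as affected."""
    if version[:2] in AFFECTED_TRAINS:
        return True
    # Tuple comparison is lexicographic, so (6,4,11) <= (6,4,11) < (6,4,12).
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def recommended_upgrade(version: Version) -> Optional[Version]:
    """First fixed release in the same train, or None if the train has no fix."""
    return FIXED.get(version[:2])


def assess(text: str) -> str:
    """One-line verdict for a version string; only encodes what the article states."""
    v = parse_version(text)
    vs = ".".join(map(str, v))
    if not is_affected(v):
        # Not listed as affected is not the same as confirmed unaffected.
        return f"{vs}: not in an affected range"
    fix = recommended_upgrade(v)
    if fix is None:
        return f"{vs}: affected; no fixed release in this train, move to 6.4.12+, 7.0.10+ or 7.2.4+"
    return f"{vs}: affected; upgrade to {'.'.join(map(str, fix))} or later"


if __name__ == "__main__":
    # Constructed sample resembling the 'Version:' line of `get system status`.
    sample = "Version: FortiGate-100F v7.0.9,build0444,221215 (GA.F)"
    for probe in (sample, "6.2.13", "6.4.12", "7.2.3"):
        print(assess(probe))
```

The check only knows the ranges this article quotes: a version outside them (a newer train, for instance) is reported as "not in an affected range", which is not a statement that it is unaffected; confirm against Fortinet's advisory before treating a device as clean.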
"The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS."
Fortinet customers are advised to upgrade to a patched FortiOS release immediately to block further attack attempts; a list of IOCs is also available.
In January, Fortinet disclosed a very similar series of incidents in which a FortiOS SSL-VPN vulnerability patched in December 2022 and tracked as CVE-2022-42475 was likewise exploited as a zero-day against government organizations and government-related entities.
- Fortinet zero-day attacks linked to suspected Chinese hackers
- Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
- Clop ransomware claims to be behind GoAnywhere zero-day attacks
- Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
- Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy
- Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)
- Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
- Microsoft fixes Windows zero-day exploited in ransomware attacks
- Rubrik confirms data theft in GoAnywhere zero-day attack
| Date | CVE | Title | Description | CVSS |
| --- | --- | --- | --- | --- |
| 2023-01-02 | CVE-2022-42475 | Out-of-bounds Write vulnerability in Fortinet FortiOS | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8 |