Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

2023-03-14 06:01

Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption.

The zero-day flaw in question is CVE-2022-41328, a medium security path traversal bug in FortiOS that could lead to arbitrary code execution.

The shortcoming impacts FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3.

The disclosure comes days after Fortinet released patches to address 15 security flaws, including CVE-2022-41328 and a critical heap-based buffer underflow issue impacting FortiOS and FortiProxy.

Given the complexity of the exploit, it's suspected that the attacker has a "Deep understanding of FortiOS and the underlying hardware" and possesses advanced capabilities to reverse engineer different aspects of the FortiOS operating system.

It's not immediately clear if the threat actor has any connections to another intrusion set that was observed weaponizing a flaw in FortiOS SSL-VPN earlier this January to deploy a Linux implant.

News URL

https://thehackernews.com/2023/03/fortinet-fortios-flaw-exploited-in.html

#cyberattack #fortinet #fortios #CVE-2022-41328

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-07	CVE-2022-41328	Path Traversal vulnerability in Fortinet Fortios A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. local low complexity fortinet CWE-22	7.1

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Fortinet		76	15	312	265	80	672