Security News > 2023 > March > Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
2023-03-14 06:01

Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption.

The zero-day flaw in question is CVE-2022-41328, a medium security path traversal bug in FortiOS that could lead to arbitrary code execution.

The shortcoming impacts FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3.

The disclosure comes days after Fortinet released patches to address 15 security flaws, including CVE-2022-41328 and a critical heap-based buffer underflow issue impacting FortiOS and FortiProxy.

Given the complexity of the exploit, it's suspected that the attacker has a "Deep understanding of FortiOS and the underlying hardware" and possesses advanced capabilities to reverse engineer different aspects of the FortiOS operating system.

It's not immediately clear if the threat actor has any connections to another intrusion set that was observed weaponizing a flaw in FortiOS SSL-VPN earlier this January to deploy a Linux implant.


News URL

https://thehackernews.com/2023/03/fortinet-fortios-flaw-exploited-in.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-03-07 CVE-2022-41328 Path Traversal vulnerability in Fortinet Fortios
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
local
low complexity
fortinet CWE-22
7.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 76 15 312 265 80 672