Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities
An unknown threat actor has targeted government entities and large organizations by exploiting a security flaw in Fortinet FortiOS software, resulting in data loss and OS and file corruption.
The zero-day flaw in question is CVE-2022-41328, a medium-severity path traversal bug in FortiOS that could lead to arbitrary code execution.
The shortcoming impacts FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3.
The disclosure comes days after Fortinet released patches to address 15 security flaws, including CVE-2022-41328 and a critical heap-based buffer underflow issue impacting FortiOS and FortiProxy.
Given the complexity of the exploit, it's suspected that the attacker has a "deep understanding of FortiOS and the underlying hardware" and possesses advanced capabilities to reverse engineer different aspects of the FortiOS operating system.
It's not immediately clear if the threat actor has any connections to another intrusion set that was observed weaponizing a flaw in FortiOS SSL-VPN earlier this January to deploy a Linux implant.
News URL
https://thehackernews.com/2023/03/fortinet-fortios-flaw-exploited-in.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-07 | CVE-2022-41328 | Path Traversal vulnerability in Fortinet FortiOS. An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. | 7.1 |