
FortiOS Vulnerability Actively Exploited

Reference: Advisory #2023-32
Version: 1.0
Affected software:
FortiOS version 6.4.0 through 6.4.11
FortiOS version 7.0.0 through 7.0.9
FortiOS version 7.2.0 through 7.2.3
All versions of FortiOS 6.0 and 6.2
Type: Arbitrary code execution
CVE/CVSS:
CVE-2022-41328
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Base Score: 6.7 (Medium)

Sources

https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis

Risks

Government entities and large organizations have been targeted by an unknown advanced threat actor exploiting a path traversal bug in FortiOS that can lead to arbitrary code execution. The vulnerability allows threat actors to execute unauthorized code or commands, resulting in data loss and OS and file corruption.

Description

CVE-2022-41328 is a medium-severity path traversal bug in FortiOS that can lead to arbitrary code execution. An improper limitation of a pathname to a restricted directory ('path traversal') in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands.

Although the vulnerability is not rated critical, it can be used to execute arbitrary code, and Fortinet experts discovered that an unknown advanced threat actor exploited it in attacks targeting governmental entities and government-related organizations.

A Fortinet report published last week revealed that CVE-2022-41328 exploits had been used to compromise and take down multiple FortiGate firewall devices belonging to a customer. The attack was considered highly targeted, and given the complexity of the exploit, the threat actor is assessed to have the advanced capability to reverse engineer different aspects of the FortiOS operating system.

Recommended actions

Fortinet released security updates on March 7, 2023, to address 15 security flaws, including CVE-2022-41328.

To patch the security flaw, administrators must upgrade vulnerable products to FortiOS version 6.4.12 or later, FortiOS version 7.0.10 or later, or FortiOS version 7.2.4 or later.
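To triage a fleet against the ranges above, the following added example (not Fortinet or CERT.be code) checks a FortiOS version string against the affected ranges and fixed releases listed in this advisory. It compares versions numerically, since a plain string comparison would wrongly treat 7.0.10 as older than 7.0.9 and flag a patched device as vulnerable.

```python
"""Check whether a FortiOS version falls in the ranges this advisory lists as
affected by CVE-2022-41328 and report the minimum fixed release.
The ranges and fixed builds below are copied from the advisory text; the
helper itself is an added example, not Fortinet or CERT.be code."""

from typing import Optional, Tuple

Version = Tuple[int, ...]

# (first affected, last affected, first fixed) per branch, from the advisory.
AFFECTED = [
    ((6, 4, 0), (6, 4, 11), (6, 4, 12)),
    ((7, 0, 0), (7, 0, 9), (7, 0, 10)),
    ((7, 2, 0), (7, 2, 3), (7, 2, 4)),
]
# 6.0 and 6.2 are affected in all versions and have no fixed release listed.
UNFIXED_BRANCHES = [(6, 0), (6, 2)]


def parse_version(text: str) -> Version:
    """Turn a string such as 'v7.0.9' or 'FortiOS 7.2.3' into an int tuple,
    so that comparisons are numeric (7.0.10 > 7.0.9) rather than lexical."""
    digits = text.lower().replace("fortios", "").strip().lstrip("v")
    parts = digits.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)


def check_cve_2022_41328(text: str) -> Tuple[bool, Optional[str]]:
    """Return (vulnerable, advice). advice names the minimum fixed build, or
    a branch move when the whole branch is affected; None when not affected."""
    v = parse_version(text)
    if v[:2] in UNFIXED_BRANCHES:
        return True, "all %d.%d releases affected; move to a supported branch" % v[:2]
    for low, high, fixed in AFFECTED:
        if low <= v <= high:  # tuple comparison is element-wise and numeric
            return True, "upgrade to %d.%d.%d or later" % fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for sample in ["7.0.9", "7.0.10", "v6.4.11", "FortiOS 7.2.4", "6.2.13"]:
        print(sample, check_cve_2022_41328(sample))
```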

References

https://www.fortiguard.com/psirt/FG-IR-22-369
https://nvd.nist.gov/vuln/detail/CVE-2022-41328
https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-...