Fortinet Patches High-Severity FortiOS Bug Used in Zero-Day Attacks
March 13, 2023
Fortinet released security updates on March 7, 2023, to address a high-severity vulnerability (CVE-2022-41328) in FortiOS that allowed threat actors to execute unauthorized code or commands. The flaw, an improper limitation of a pathname to a restricted directory ('path traversal') [CWE-22], may allow a privileged attacker to read and write arbitrary files via crafted CLI commands. Affected products are FortiOS 6.4.0 through 6.4.11, FortiOS 7.0.0 through 7.0.9, FortiOS 7.2.0 through 7.2.3, and all versions of FortiOS 6.0 and 6.2.
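As an added example (not Fortinet's code), the following Python triage helper maps FortiOS version strings onto the affected ranges listed above so an inventory can be sorted into "affected" and "not listed"; the ranges are copied from this article's summary of the advisory, and the sample inventory is constructed.

```python
"""Check whether a FortiOS version falls inside the CVE-2022-41328 ranges.

Added example, not Fortinet's code. The ranges are those listed in the
article above. A version outside them is reported as "not listed", not
as "fixed": confirm against the vendor advisory before relying on it.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# (branch_major, branch_minor, first_affected_patch, last_affected_patch)
# last_affected_patch None means every patch level in that branch.
AFFECTED_RANGES: list = [
    (6, 0, 0, None),   # all FortiOS 6.0
    (6, 2, 0, None),   # all FortiOS 6.2
    (6, 4, 0, 11),     # 6.4.0 through 6.4.11
    (7, 0, 0, 9),      # 7.0.0 through 7.0.9
    (7, 2, 0, 3),      # 7.2.0 through 7.2.3
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Version:
    """Parse strings such as '7.0.9' or 'v6.4.11' into an int tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """Return True if the version lies inside one of the listed ranges."""
    major, minor, patch = parse_version(version)
    for b_major, b_minor, first, last in AFFECTED_RANGES:
        if (major, minor) != (b_major, b_minor):
            continue
        if patch < first:
            return False
        return last is None or patch <= last
    return False  # branch not named in the advisory summary


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each version string to 'affected' or 'not listed'."""
    return {v: ("affected" if is_affected(v) else "not listed") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for v, status in triage(["6.2.14", "6.4.11", "6.4.12", "7.0.10", "7.2.3", "7.4.0"]).items():
        print(f"{v:>8}: {status}")
```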
Fortinet recently revealed that the vulnerability had been used in zero-day attacks targeting government and large organizations, leading to OS and file corruption and data loss. The attacks are highly targeted, with some hints of preferred governmental or government-related targets. As Fortinet noted, "The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS."
Fortinet customers are advised to upgrade immediately to a patched version of FortiOS to block potential attack attempts (Fortinet has also published a list of IOCs). In January, Fortinet disclosed a very similar series of incidents in which a FortiOS SSL-VPN vulnerability patched in December 2022 and tracked as CVE-2022-42475 was likewise used as a zero-day bug to target government organizations and government-related entities.