Fortinet Patches High-Severity FortiOS Bug Used in Zero-Day Attacks

March 13, 2023

Fortinet released security updates on March 7, 2023, to address a high-severity vulnerability (CVE-2022-41328) in FortiOS that allows an attacker to execute unauthorized code or commands. The flaw is an improper limitation of a pathname to a restricted directory ('path traversal') [CWE-22] and may allow a privileged attacker to read and write arbitrary files via crafted CLI commands. Affected products are FortiOS 6.4.0 through 6.4.11, FortiOS 7.0.0 through 7.0.9, FortiOS 7.2.0 through 7.2.3, and all versions of FortiOS 6.0 and 6.2. The fixed releases are 6.4.12, 7.0.10, and 7.2.4; the 6.0 and 6.2 branches receive no fix, so devices on them need to be migrated to a fixed branch.

Fortinet recently revealed that the vulnerability had been used in zero-day attacks against government and large organizations, leading to OS and file corruption and data loss. The attacks were highly targeted, with some hints of preferred governmental or government-related targets. As Fortinet noted, "The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS."

Fortinet customers are advised to upgrade immediately to a patched version of FortiOS to block potential attack attempts; Fortinet's analysis of the incidents also includes a list of IOCs. In January, Fortinet disclosed a very similar series of incidents in which a FortiOS SSL-VPN heap-based buffer overflow, patched in December 2022 and tracked as CVE-2022-42475, was also used as a zero-day bug to target government organizations and government-related entities.
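When the upgrade advice has to be turned into a work list, the first step is usually to run the advisory's affected ranges over a device inventory. The following triage helper is an added example, not code from Fortinet or from this article: it encodes the affected ranges above for CVE-2022-41328, parses a FortiOS version string, and classifies each device. The inventory lines are constructed sample data (the build numbers and dates in them are placeholders), and the assumed version-string shape (`vX.Y.Z,buildNNNN,...` as printed by `get system status`) only matters for the `vX.Y.Z` prefix that the parser extracts.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges for CVE-2022-41328, inclusive, per the advisory.
# None means the whole branch is affected and has no fixed build in-branch.
AFFECTED: Dict[Tuple[int, int], Optional[Tuple[Version, Version]]] = {
    (6, 0): None,
    (6, 2): None,
    (6, 4): ((6, 4, 0), (6, 4, 11)),
    (7, 0): ((7, 0, 0), (7, 0, 9)),
    (7, 2): ((7, 2, 0), (7, 2, 3)),
}

# Assumption: version strings look like "v7.0.9,build0444,221125 (GA.F)";
# only the leading vX.Y.Z is needed, so anything after it is ignored.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a FortiOS version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def classify(text: str) -> str:
    """Return 'affected', 'fixed', 'not_listed' (branch absent from the
    advisory, so not covered by it) or 'unknown' (unparseable version)."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    branch = v[:2]
    if branch not in AFFECTED:
        return "not_listed"
    rng = AFFECTED[branch]
    if rng is None:
        return "affected"          # 6.0 / 6.2: every build is affected
    lo, hi = rng
    return "affected" if lo <= v <= hi else "fixed"


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Classify every device; affected hosts first, then unknown, then the rest."""
    order = {"affected": 0, "unknown": 1, "not_listed": 2, "fixed": 3}
    rows = [(host, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


# Constructed sample inventory (hostnames, build numbers and dates are placeholders).
SAMPLE_INVENTORY: Dict[str, str] = {
    "fgt-edge-01":   "FortiGate-100F v7.0.9,build0444,221125 (GA.F)",
    "fgt-edge-02":   "FortiGate-100F v7.0.10,build0450,230222 (GA.F)",
    "fgt-dc-01":     "FortiGate-600E v7.2.3,build1262,221108 (GA.F)",
    "fgt-branch-07": "FortiGate-60E v6.2.13,build1313,221020 (GA.M)",
    "fgt-lab-01":    "FortiGate-VM64 v6.4.12,build2360,230220 (GA.M)",
    "fgt-legacy":    "",   # inventory record with no version recorded
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```

Devices that come back `affected` on 6.4, 7.0 or 7.2 move to the first fixed build of their branch; those on 6.0 or 6.2 need a branch migration, and `unknown` rows need a real version pulled from the device before they can be closed out. A version check only tells you whether a device could have been hit, not whether it was, so affected devices should also be checked against the IOCs Fortinet published.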
