overview

This week, an unknown threat actor began exploiting a FortiOS vulnerability (CVE-2022-41328) that was patched this month. The threat actors are using the vulnerability to target government and large organizations. The flaw allows threat actors to execute unauthorized code or commands.  

According to Fortinet’s advisory, CVE-2022-41328 is a path traversal flaw in FortiOS that could allow a privileged attacker to read and write arbitrary files via crafted CLI commands. The flaw impacts the following products:  

  • FortiOS version 7.2.0 through 7.2.3 
  • FortiOS version 7.0.0 through 7.0.9 
  • FortiOS version 6.4.0 through 6.4.11 
  • FortiOS 6.2 all versions 
  • FortiOS 6.0 all versions 

Fortinet has since patched the vulnerability and the company advises that admins upgrade vulnerable products to the following:  

  • FortiOS version 7.2.4 or above 
  • FortiOS version 7.0.10 or above 
  • FortiOS version 6.4.12 or above 

Although the advisory for the flaw did not indicate that the bug had been actively exploited before patches were made available, a recent report from Fortinet disclosed that CVE-2022-41328 had indeed been leveraged to hack and disable several FortiGate firewall devices owned by one of their clients. Fortinet also discovered that the vulnerability was used to target government networks, concluding that the attacks are highly targeted.  

 

 

avertium's recommendations

Avertium recommends that you apply the appropriate patch for CVE-2022-41328. You may find patch guidance in Fortinet’s advisory 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2022-41328. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
  • Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident like a malware attack. 
  • Avertium offers VMaaS to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap. 


 

 

 

SUPPORTING DOCUMENTATION

PSIRT Advisories | FortiGuard 

Fortinet: New FortiOS bug used as zero-day to attack govt networks (bleepingcomputer.com) 

Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities (thehackernews.com) 
Chat With One of Our Experts



Flash Notice Fortinet Vulnerability Fortinet FortiWeb FortiOS FortiProxy Blog