Reference:
Advisory #2023-32
Version:
1.0
Affected software:
All versions of FortiOS 6.0 and 6.2
FortiOS version 6.4.0 through 6.4.11
FortiOS version 7.0.0 through 7.0.9
FortiOS version 7.2.0 through 7.2.3
Type:
Arbitrary code execution
CVE/CVSS:
CVE-2022-41328 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Base Score: 6.7 (Medium)
Sources
https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis
Risks
Government entities and large organizations have been targeted by an unknown advanced threat actor exploiting a path traversal vulnerability in FortiOS that could lead to arbitrary code execution. The vulnerability allows threat actors to execute unauthorized code or commands, resulting in data loss and OS and file corruption.
Description
CVE-2022-41328 is a medium-severity path traversal vulnerability in FortiOS that could lead to arbitrary code execution. An improper limitation of a pathname to a restricted directory ('path traversal') in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands. Although the vulnerability was not rated critical, it can be used to execute arbitrary code, and Fortinet experts discovered that an unknown advanced threat actor had exploited it in attacks targeting governmental entities and government-related organizations. A Fortinet report published last week revealed that CVE-2022-41328 exploits had been used to compromise and take down multiple FortiGate firewall devices belonging to a customer. The attack was considered highly targeted, and given the complexity of the exploit, the threat actor has advanced capabilities to reverse engineer different aspects of the FortiOS operating system.
Recommended Actions
Fortinet released security updates on March 7, 2023, to address 15 security flaws, including CVE-2022-41328. To patch the security flaw, admins have to upgrade vulnerable products to FortiOS version 6.4.12 and later, FortiOS version 7.0.10 and later, or FortiOS version 7.2.4 and above.
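As an added example (not code from the advisory or from Fortinet), the following Python script flags devices whose FortiOS version falls inside the affected ranges listed above and reports the minimum fixed release from the Recommended Actions; the inventory is constructed sample data and the hostnames are hypothetical.

```python
# Added example: match FortiOS version strings against the CVE-2022-41328
# affected ranges given in this advisory. Not Fortinet's code.
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges per branch, as listed in "Affected software".
# None means every release on that branch is affected (6.0.x and 6.2.x).
AFFECTED_RANGES = {
    (6, 0): None,
    (6, 2): None,
    (6, 4): ((6, 4, 0), (6, 4, 11)),
    (7, 0): ((7, 0, 0), (7, 0, 9)),
    (7, 2): ((7, 2, 0), (7, 2, 3)),
}

# First fixed release per branch from "Recommended Actions". The advisory lists
# no fixed 6.0/6.2 release, so those branches must move to 6.4.12 or later.
FIXED_VERSIONS = {(6, 0): "6.4.12", (6, 2): "6.4.12", (6, 4): "6.4.12",
                  (7, 0): "7.0.10", (7, 2): "7.2.4"}


def parse_version(text: str) -> Version:
    """Parse '7.0.9', 'v7.0.9' or '7.0.9 build0444' into (major, minor, patch)."""
    core = text.strip().lstrip("vV").split()[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version lies in an affected range of CVE-2022-41328."""
    v = parse_version(version)
    rng = AFFECTED_RANGES.get((v[0], v[1]), False)
    if rng is False:
        return False      # branch not listed by the advisory (e.g. 7.4.x)
    if rng is None:
        return True       # whole branch affected
    low, high = rng
    return low <= v <= high


def remediation(version: str) -> Optional[str]:
    """Minimum fixed release for an affected version, or None if not affected."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    return FIXED_VERSIONS[(v[0], v[1])]


def audit(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, minimum fixed release) for each affected device."""
    return [(h, v, remediation(v)) for h, v in inventory if is_affected(v)]


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [("fw-edge-1", "7.0.9"), ("fw-edge-2", "7.0.10"),
                    ("fw-dc-1", "6.2.14"), ("fw-lab", "v7.4.0 build2360")]
```

Running audit(SAMPLE_INVENTORY) lists fw-edge-1 and fw-dc-1 as affected; a version string the parser does not recognise raises ValueError rather than silently passing.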
References
https://www.fortiguard.com/psirt/FG-IR-22-369
https://nvd.nist.gov/vuln/detail/CVE-2022-41328
https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/