Tweet
Unknown hackers have recently targeted certain US government networks with a zero-day vulnerability found in a Fortinet product.
While the targets or the extent of success are not currently known, there are details available pertaining to the zero-day used in the attack. We also know that itās been patched in the meantime, with Fortinet urging customers to apply the fix immediately.
According to a BleepingComputer report on the attack, the threat actors abused CVE-2022-41328 - an improper limitation of a pathname to a restricted directory vulnerability (āpath traversalā) [CWE-22] in FortiOS, which could have allowed a privileged attacker āto read and write arbitrary files via crafted CLI commands," Fortinetās advisory reads. In other words, hackers could have executed unauthorized code or commands.
[HEADING=1]Single target[/HEADING]
The list of affected products includes FortiOS versions 6.0, 6.2, as well as 6.4.0 through 6.4.11, FortiOS version 7.0.0 through 7.0.9, and FortiOS version 7.2.0 through 7.2.3. Secure versions include 6.4.12 and later, 7.0.10 and later, and 7.2.4 and later.
Read more
A week before news of the patch broke, the company released a report in which it said the CVE was used to take down āmultiple FortiGate firewall devicesā belonging to one of its customers.
According to the companyās analysis, the attacks were āhighly targetedā, with the hackers specifically favoring government networks. These threat actors operate with āadvanced capabilitiesā, the researchers said, including reverse-engineering parts of the FortiGate devicesā operating system.
[ul]
[li]Check out the best small business software around[/li][/ul]
Via: BleepingComputer
Continue readingā¦
While the targets or the extent of success are not currently known, there are details available pertaining to the zero-day used in the attack. We also know that itās been patched in the meantime, with Fortinet urging customers to apply the fix immediately.
According to a BleepingComputer report on the attack, the threat actors abused CVE-2022-41328 - an improper limitation of a pathname to a restricted directory vulnerability (āpath traversalā) [CWE-22] in FortiOS, which could have allowed a privileged attacker āto read and write arbitrary files via crafted CLI commands," Fortinetās advisory reads. In other words, hackers could have executed unauthorized code or commands.
[HEADING=1]Single target[/HEADING]
The list of affected products includes FortiOS versions 6.0, 6.2, as well as 6.4.0 through 6.4.11, FortiOS version 7.0.0 through 7.0.9, and FortiOS version 7.2.0 through 7.2.3. Secure versions include 6.4.12 and later, 7.0.10 and later, and 7.2.4 and later.
Read more
Fortinet warns VPN users targeted by critical vulnerability
Nasty vulnerability in Fortinet firewalls, proxies abused in real-world attacks
These are the best endpoint protection services today
Nasty vulnerability in Fortinet firewalls, proxies abused in real-world attacks
These are the best endpoint protection services today
According to the companyās analysis, the attacks were āhighly targetedā, with the hackers specifically favoring government networks. These threat actors operate with āadvanced capabilitiesā, the researchers said, including reverse-engineering parts of the FortiGate devicesā operating system.
[ul]
[li]Check out the best small business software around[/li][/ul]
Via: BleepingComputer
Continue readingā¦