Suspected Chinese threat actors observed attacking Fortinet zero-day

Threat actors have been observed exploiting a flaw in Fortinet's Security Fabric stack to attack large enterprises and government entities, according to the company's researchers.

The flaw in question, tracked as CVE-2022-41328 (CVSS score 6.5), is a path traversal zero-day vulnerability in FortiOS, the network operating system underlying the Fortinet Security Fabric. It lets an attacker read and write arbitrary files on the device, which could lead to arbitrary code execution.

"An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands," the company's advisory says.

Fortinet released security updates on 7th March to patch the vulnerability. Organisations running vulnerable versions of FortiOS should upgrade to version 6.4.12 or later, 7.0.10 or later, or 7.2.4 or later, depending on which release branch they run.
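Because the fix lands at a different point in each FortiOS release branch, a plain "is my version newer than X" check is not enough: 7.0.9 is vulnerable while 6.4.12 is not. The following script is an added example, not Fortinet's code or tooling. It encodes only the three fixed versions named above and deliberately reports any other branch as "review" rather than "patched", since this page gives no fixed version for them. The device names and version strings in the inventory are constructed sample data.

```python
"""Branch-aware FortiOS version triage for CVE-2022-41328.

Added example, not Fortinet code. FIXED_VERSIONS holds the first fixed
release per branch as stated in the advisory (6.4.12, 7.0.10, 7.2.4).
Branches absent from that table are reported as "review", never "patched".
"""
from __future__ import annotations

import re
from typing import Optional

# First fixed release per FortiOS branch, keyed by (major, minor).
FIXED_VERSIONS: dict[tuple[int, int], tuple[int, int, int]] = {
    (6, 4): (6, 4, 12),
    (7, 0): (7, 0, 10),
    (7, 2): (7, 2, 4),
}

# Accepts "7.0.9", "v7.0.9" and "v7.0.9 build0444"; the build suffix is ignored.
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[tuple[int, int, int]]:
    """Parse a FortiOS version string into (major, minor, patch), or None."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable', 'review' or 'unparseable'."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    fixed = FIXED_VERSIONS.get((v[0], v[1]))
    if fixed is None:
        # Branch not covered by the fixes named in the advisory excerpt:
        # do not assume it is safe, flag it for manual review.
        return "review"
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group device names by assessment so the vulnerable set is easy to act on."""
    groups: dict[str, list[str]] = {}
    for name, version in inventory.items():
        groups.setdefault(assess(version), []).append(name)
    return groups


# Constructed sample inventory: hypothetical device names and versions.
SAMPLE_INVENTORY = {
    "fw-edge-01": "v7.2.3 build1262",
    "fw-edge-02": "v7.2.4",
    "fw-dc-01": "7.0.10",
    "fw-dc-02": "7.0.9",
    "fw-branch-01": "6.4.11",
    "fw-branch-02": "6.4.12",
    "fw-lab-01": "6.2.13",
    "fw-unknown": "n/a",
}

if __name__ == "__main__":
    for status, names in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:12s} {', '.join(sorted(names))}")
```

In a real environment the inventory would come from the management plane or from `get system status` on each device; the point of the script is the branch-keyed comparison and the refusal to call an unlisted branch safe.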

The company discovered that the flaw had been used to cause "data loss and OS and file corruption" at one customer, which it has not named.

It was alerted to the incident when multiple FortiGate firewall devices halted and refused to reboot. The refusal is itself a security feature: a FortiGate that detects its firmware image has been tampered with stops rather than boot the altered image, denying an attacker persistent control of the device. On inspection, Fortinet's researchers found that the FortiGate image had been altered, with a new file added that may have been designed to maintain remote access to the compromised systems.

"The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet said.

"The exploit requires a deep understanding of FortiOS and th ..