CVE-2022-41328 Fortinet FortiOS Vulnerability Leveraged to Target Governments

Dark Lab on Mar 14 2023
On 7 March 2023, Fortinet released a security advisory for a medium-severity vulnerability (CVE-2022-41328) impacting their FortiOS products. An unknown threat actor has been observed leveraging the vulnerability to target government entities, causing data loss as well as OS and file corruption.

The path traversal vulnerability enables a privileged attacker to achieve arbitrary code execution via crafted CLI commands. The attacker may have attempted to exploit the vulnerability by uploading files via a TFTP server to a specified path on the FortiGate. The vendor advises that exploitation of the vulnerability requires a sophisticated understanding of FortiOS and the underlying hardware. The current attack is highly targeted, with activity observed against government and government-related targets.

The vendor advises upgrading to a patched version of FortiOS as soon as possible to mitigate potential exploitation.

https://www.fortiguard.com/psirt/FG-IR-22-369

https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis