FortiOS Vulnerability Actively Exploited
CVSS Base Score: 6.7 (Medium)
Government entities and large organizations have been targeted by an unknown advanced threat actor by exploiting a security path traversal bug in FortiOS that could lead to arbitrary code execution. The vulnerability allows threat actors to execute unauthorized code or commands, resulting in data loss and OS and file corruption.
CVE-2022-41328 is a medium security path traversal bug in FortiOS that could lead to arbitrary code execution. An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands.
Even if the vulnerability was not considered critical, it can be used to execute arbitrary code and Fortinet experts discovered an unknown advanced threat actor exploited it in attacks targeting governmental entities and government-related organizations.
A Fortinet report published last week revealed that CVE-2022-41328 exploits had been used to hack and take down multiple FortiGate firewall devices belonging to a customer. The attack was considered to be highly targeted and given the complexity of the exploit the threat actor has advanced capabilities to reverse engineer different aspects of the FortiOS operating system.
Fortinet released security updates on March 7, 2023, to address 15 security flaws, including CVE-2022-41328.
To patch the security flaw, admins have to upgrade vulnerable products to FortiOS version 6.4.12 and later, FortiOS version 7.0.10 and later, or FortiOS version 7.2.4 and above.