X-Industry

Fortinet Vulnerabilities

Posted by Bill Schenkelberg on December 14, 2022 at 7:50am

10909509287?profile=RESIZE_400xRed Sky Alliance utilizes Fortinet collections, analysis, and support; this is important.  A vulnerability has been recently discovered in Fortinet's FortiOS, which could allow for arbitrary code execution.  FortiOS is the Fortinet’s proprietary operation system which is utilized across multiple product lines.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.[1]

Threat Intelligence: Fortinet is aware of instances where there is an exploitation against the vulnerability.

System Affected:

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

Risk:

Government:

- Large and medium government entities: High

- Small government entities: High

Businesses:

- Large and medium business entities: High

- Small business entities: High

Home Users: Low

Technical Summary: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Recommendations: 

  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Restrict execution of code to a virtual environment on or in transit to an endpoint system.
  • Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from untrusted sources. Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

References:

Fortinet -      ​https://fortiguard.fortinet.com/psirt/FG-IR-22-398

CVE -           https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42475

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com      

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www. redskyalliance. org/   
  • Website: https://www. wapacklabs. com/  
  • LinkedIn:       https://www. linkedin. com/company/64265941   

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.cisecurity.org/advisory/a-vulnerability-in-fortinets-fortios-could-allow-for-arbitrary-code-execution_2022-139

Views: 47
Tags: ir-22-347-001, fortinet, advisory, vulnerability, fortios, arbitrary code execution
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!