Red Sky Alliance utilizes Fortinet collections, analysis, and support, so this advisory is important. A vulnerability has recently been discovered in Fortinet's FortiOS that could allow arbitrary code execution. FortiOS is Fortinet's proprietary operating system, used across multiple product lines. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer rights on the system could be less impacted than those who operate with administrative rights.[1]
Threat Intelligence: Fortinet is aware of instances in which this vulnerability has been exploited.
System Affected:
- FortiOS version 7.2.0 through 7.2.2
- FortiOS version 7.0.0 through 7.0.8
- FortiOS version 6.4.0 through 6.4.10
- FortiOS version 6.2.0 through 6.2.11
- FortiOS-6K7K version 7.0.0 through 7.0.7
- FortiOS-6K7K version 6.4.0 through 6.4.9
- FortiOS-6K7K version 6.2.0 through 6.2.11
- FortiOS-6K7K version 6.0.0 through 6.0.14
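The affected-version list above is easy to misread by eye when checking a fleet, because the ranges differ between the FortiOS and FortiOS-6K7K product lines and are inclusive at both ends. The following script is an added example (not part of the advisory and not Fortinet or Red Sky Alliance tooling) that encodes exactly the ranges listed above and triages an inventory of (hostname, product, version) rows against them. The hostnames and versions in the sample inventory are constructed; the ranges are copied verbatim from the list.

```python
"""Triage FortiOS builds against the affected ranges listed in the advisory.

Added example. AFFECTED_RANGES mirrors the advisory's "System Affected" list
(inclusive on both ends); the sample inventory at the bottom is constructed.
"""

from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the advisory, per product line.
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [
        ("7.2.0", "7.2.2"),
        ("7.0.0", "7.0.8"),
        ("6.4.0", "6.4.10"),
        ("6.2.0", "6.2.11"),
    ],
    "FortiOS-6K7K": [
        ("7.0.0", "7.0.7"),
        ("6.4.0", "6.4.9"),
        ("6.2.0", "6.2.11"),
        ("6.0.0", "6.0.14"),
    ],
}


def parse_version(text: str) -> Version:
    """Turn 'v7.0.8', '7.0.8' or '7.0' into a 3-tuple; raise ValueError on junk.

    Missing trailing components are padded with 0 so '7.0' compares as 7.0.0.
    """
    parts = text.strip().lstrip("vV").split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def affected_range(product: str, version: str) -> Optional[Tuple[str, str]]:
    """Return the (low, high) range covering `version`, or None if the build
    falls outside every listed range for that product line."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES.get(product, []):
        if parse_version(low) <= v <= parse_version(high):
            return (low, high)
    return None


def is_affected(product: str, version: str) -> bool:
    """True when the build sits inside one of the advisory's listed ranges."""
    return affected_range(product, version) is not None


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Annotate (hostname, product, version) rows with a plain-text verdict."""
    results = []
    for host, product, version in inventory:
        try:
            rng = affected_range(product, version)
        except ValueError as exc:
            # Unparseable versions must surface, not silently pass as "safe".
            results.append((host, product, version, f"unparseable: {exc}"))
            continue
        if product not in AFFECTED_RANGES:
            verdict = "product line not in this advisory; check the vendor PSIRT entry"
        elif rng:
            verdict = f"AFFECTED (in listed range {rng[0]}-{rng[1]})"
        else:
            verdict = "not in a listed affected range"
        results.append((host, product, version, verdict))
    return results


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts.
    sample = [
        ("fw-edge-01", "FortiOS", "v7.0.8"),
        ("fw-edge-02", "FortiOS", "7.0.9"),
        ("fw-core-01", "FortiOS-6K7K", "6.4.9"),
        ("fw-core-02", "FortiOS-6K7K", "7.0.8"),
        ("fw-lab", "FortiOS", "7.2.x"),
    ]
    for row in triage(sample):
        print(" | ".join(row))
```

Two design points worth noting: version strings are compared as integer tuples rather than as text (so "6.4.10" correctly sorts above "6.4.9"), and a version that cannot be parsed is reported as a distinct verdict instead of being treated as unaffected, which is the safer failure mode for an inventory check.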
Risk:
Government:
- Large and medium government entities: High
- Small government entities: High
Businesses:
- Large and medium business entities: High
- Small business entities: High
Home Users: Low
Technical Summary: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Recommendations:
- Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Restrict execution of code to a virtual environment on or in transit to an endpoint system.
- Use vulnerability scanning to find potentially exploitable software vulnerabilities and remediate them.
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from untrusted sources. Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
References:
Fortinet - https://fortiguard.fortinet.com/psirt/FG-IR-22-398
CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42475
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.cisecurity.org/advisory/a-vulnerability-in-fortinets-fortios-could-allow-for-arbitrary-code-execution_2022-139