Critical Fortinet Vulnerability - Take Action Now!
In December 2022, Fortinet released a patch for a critical vulnerability (CVSSv3 score of 9.3), tracked as CVE-2022-42475, which affected the SSL-VPN service in FortiOS. The heap-based buffer overflow allowed remote, unauthenticated attackers to execute arbitrary code or commands via specifically crafted requests.
At the time of the patch release, Fortinet advised that the vulnerability had already been exploited in the wild and recommended that the latest patches be applied as a matter of urgency to remediate the issue.
Since then, Fortinet has shared further information about the vulnerability, stating that it was exploited by attackers to compromise governmental or government-related targets.
Fortinet says the attackers have advanced capabilities: they were able to reverse-engineer various parts of FortiOS to help them create the exploit, and they use a Linux-based implant custom-made to run on that operating system. Fortinet has also pointed out that the exploit is capable of manipulating log files to avoid detection: “It searches for elog files, which are logs of events in FortiOS. After decompressing them in memory, it searches for a string the attacker specifies, deletes it, and reconstructs the logs. The malware can also kill the logging processes,” the company explained.
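The two log-tampering behaviours quoted above (deleting selected entries and rewriting the log, and stopping the logging process) are only detectable if a second copy of the events exists somewhere the attacker cannot reach. The Python below is an added example, not code from Fortinet or from this post: it compares an off-box collector copy with the device's own copy. The key=value log lines are constructed samples, and it assumes both copies hold identical line text (syslog headers already stripped).

```python
import shlex
from datetime import datetime

# Constructed FortiOS-style key=value lines as received by an off-box collector.
COLLECTOR_COPY = [
    'date=2023-01-12 time=10:00:00 type="event" subtype="system" msg="logging heartbeat"',
    'date=2023-01-12 time=10:00:05 type="event" subtype="vpn" msg="SSL-VPN login failed" user="svc-backup"',
    'date=2023-01-12 time=10:00:09 type="event" subtype="system" msg="daemon crashed and restarted"',
    'date=2023-01-12 time=10:01:00 type="event" subtype="system" msg="logging heartbeat"',
    'date=2023-01-12 time=10:02:00 type="event" subtype="system" msg="logging heartbeat"',
]
# Constructed on-device copy: the crash record is gone (the log was rewritten
# without it) and nothing was written after 10:01 (logging process stopped).
DEVICE_COPY = [COLLECTOR_COPY[0], COLLECTOR_COPY[1], COLLECTOR_COPY[3]]


def parse_record(line):
    """Split one key=value line into a dict; shlex strips the quoting."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))


def record_time(rec):
    return datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")


def missing_records(collector, device):
    """Collector records dated within the span the device log still covers
    but absent from the device: the signature of entries deleted and the
    log reconstructed around them."""
    cutoff = record_time(parse_record(device[-1]))
    on_device = set(device)
    return [
        line for line in collector
        if line not in on_device and record_time(parse_record(line)) <= cutoff
    ]


def silence_after(device, collector):
    """Seconds the device log stayed silent after its last record while the
    collector kept receiving events; a large value suggests the logging
    process was killed or the tail of the log removed."""
    last_device = record_time(parse_record(device[-1]))
    last_collector = record_time(parse_record(collector[-1]))
    return (last_collector - last_device).total_seconds()


if __name__ == "__main__":
    for line in missing_records(COLLECTOR_COPY, DEVICE_COPY):
        print("deleted on device:", parse_record(line)["msg"])
    print("device log silent for", silence_after(DEVICE_COPY, COLLECTOR_COPY), "s")
```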
Threat actors have been leveraging vulnerabilities in Fortinet SSL VPNs in attacks for several years, to the extent that the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued an advisory dedicated to these flaws and their exploitation in 2021. Given that this vulnerability has already been exploited, 3B Data Security strongly recommends upgrading FortiOS to fully remediate CVE-2022-42475.
Should you be concerned about your systems' security, 3B Data Security can provide a wide range of penetration testing and Red Team services and projects. Get in contact with 3B Data Security for a confidential discussion on security testing and security hardening services.