This is specifically related to a zero-day flaw (CVE-2022-41328), a medium security path traversal bug in FortiOS that could lead to arbitrary code execution.įortiAuthenticator version prior to 6.5.0
This targeting has resulted in data loss and OS and file corruption. March 14th – UPDATED THREAT INTELLEGENCE: Multiple open sources are reporting government entities and large organizations have been targeted by an unknown threat actor exploiting a security flaw in Fortinet FortiOS software. THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.
Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Depending on the privileges associated with the service account an attacker could then install programs view, change, or delete data or create new accounts with full user rights. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Fortinet has several products that are able to deliver high-performance network security solutions that protect your network, users, and data from continually evolving threats. OVERVIEW: Multiple vulnerabilities have been discovered in Fortinet Products, the most severe of which could allow for arbitrary code execution. SUBJECT: Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution MS-ISAC ADVISORY NUMBER: 2023-028 - UPDATED
0 kommentar(er)
