top of page
Search
Dec 13, 20222 min read

Fortinet released a critical vulnerability in FortiOS .

What is the situation?

Fortinet released a critical vulnerability in FortiOS that may allow remote unauthenticated attackers to execute arbitrary code or commands via specifically crafted requests. Fortinet has confirmed they are aware of this vulnerability being exploited in the wild.

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to exe.

Affected versions:

FortiOS - 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.11, 6.2.10, 6.2.1, 6.2.0

Connections to suspicious IP addresses from the FortiGate:

188.34.130.40:444 103.131.189.143:30080,30081,30443,20443 192.36.119.61:8443,444 172.247.168.153:8033

Affected Products

FortiOS version 7.2.0 through 7.2.2 FortiOS version 7.0.0 through 7.0.8 FortiOS version 6.4.0 through 6.4.10 FortiOS version 6.2.0 through 6.2.11 FortiOS-6K7K version 7.0.0 through 7.0.7 FortiOS-6K7K version 6.4.0 through 6.4.9 FortiOS-6K7K version 6.2.0 through 6.2.11 FortiOS-6K7K version 6.0.0 through 6.0.14

What to do.

Please upgrade to FortiOS version 7.2.3 or above Please upgrade to FortiOS version 7.0.9 or above Please upgrade to FortiOS version 6.4.11 or above Please upgrade to FortiOS version 6.2.12 or above Please upgrade to FortiOS-6K7K version 7.0.8 or above Please upgrade to FortiOS-6K7K version 6.4.10 or above Please upgrade to FortiOS-6K7K version 6.2.12 or above Please upgrade to FortiOS-6K7K version 6.0.15 or above

What is Securicom doing?

Securicom is actively threat hunting client environments for indicators of compromise (IOCs) related to this vulnerability.


Securicom started (upon client requests) and will be continue emergency firmware upgrades on the affected firewalls during the evenings between 9 pm and 2 am this week. Please let us know if you would prefer yours to be done earlier.


Securicom Cyber Security Engineers are on high alert and will monitor all suspicious activities on our clients firewalls and networks until all upgrades have been completed and confirmed.


Enhance your Security Posture. - See How Securicom can Help You!!





47 views0 comments

Comments

bottom of page