What is the situation?
Fortinet released a critical vulnerability in FortiOS that may allow remote unauthenticated attackers to execute arbitrary code or commands via specifically crafted requests. Fortinet has confirmed they are aware of this vulnerability being exploited in the wild.
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to exe.
Affected versions:
FortiOS - 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.11, 6.2.10, 6.2.1, 6.2.0
Connections to suspicious IP addresses from the FortiGate:
188.34.130.40:444
103.131.189.143:30080,30081,30443,20443
192.36.119.61:8443,444
172.247.168.153:8033
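An added detection example, not part of the advisory or Fortinet's tooling: a small Python scanner that parses FortiGate-style key=value traffic logs and flags outbound connections to the IP/port pairs listed above. The log lines are constructed for illustration (they follow the shape of FortiOS traffic logs, with srcip, dstip and dstport fields, but are not real captures), and the IoC table is taken verbatim from the list above. A connection to a listed IP on a port that is not listed is still reported, tagged as lower-confidence, so an analyst can review it rather than silently drop it.

```python
import re
from typing import Dict, Iterable, List, Optional, Set

# Destination IP -> destination ports, exactly as listed in the advisory above.
SUSPICIOUS_DESTINATIONS: Dict[str, Set[int]] = {
    "188.34.130.40": {444},
    "103.131.189.143": {30080, 30081, 30443, 20443},
    "192.36.119.61": {8443, 444},
    "172.247.168.153": {8033},
}

# FortiOS logs are space-separated key=value pairs; string values are double-quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def classify(fields: Dict[str, str]) -> Optional[str]:
    """Return 'exact' for a listed IP:port pair, 'ip-only' for a listed IP on an
    unlisted (or unparsable) port, or None when the destination is not listed."""
    dstip = fields.get("dstip")
    if dstip not in SUSPICIOUS_DESTINATIONS:
        return None
    try:
        port = int(fields.get("dstport", ""))
    except ValueError:
        return "ip-only"
    return "exact" if port in SUSPICIOUS_DESTINATIONS[dstip] else "ip-only"


def scan_logs(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the parsed fields of every matching line, with the match
    confidence stored under the 'match' key."""
    hits = []
    for line in lines:
        fields = parse_fortigate_log(line)
        kind = classify(fields)
        if kind is not None:
            hits.append({**fields, "match": kind})
    return hits


# Constructed sample lines in the shape of FortiOS traffic logs (not real captures).
# subtype="local" marks traffic originating from the FortiGate itself, which is
# what the advisory's indicator describes. 203.0.113.10 and 198.51.100.7 are
# documentation addresses standing in for the firewall and a benign destination.
SAMPLE_LOGS = [
    'date=2022-12-13 time=22:14:05 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=198.51.100.7 dstport=443 proto=6 action="accept"',
    'date=2022-12-13 time=22:15:41 type="traffic" subtype="local" srcip=203.0.113.10 dstip=188.34.130.40 dstport=444 proto=6 action="accept"',
    'date=2022-12-13 time=22:16:02 type="traffic" subtype="local" srcip=203.0.113.10 dstip=103.131.189.143 dstport=30443 proto=6 action="accept"',
    'date=2022-12-13 time=22:17:19 type="traffic" subtype="local" srcip=203.0.113.10 dstip=103.131.189.143 dstport=443 proto=6 action="accept"',
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f'{hit["date"]} {hit["time"]} {hit["match"]:8} '
              f'{hit["srcip"]} -> {hit["dstip"]}:{hit["dstport"]}')
```

Run against an exported traffic log (one FortiOS log line per line) by feeding the file's lines to scan_logs; the three flagged sample lines above are the two exact IP:port matches and one same-IP, different-port connection.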
Affected Products
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
What to do.
Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
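An added example, not part of the advisory or of any Fortinet tool, that turns the affected-version and upgrade tables above into a check you can run across an inventory. It compares versions as numeric tuples, because comparing version strings lexically gets the advisory's own ranges wrong (as strings, "6.4.9" sorts after "6.4.10"). The ranges and fixed releases are copied exactly from the lists above; the input format it accepts (a bare version or a line in the style of the FortiOS "get system status" output) is an assumption for illustration, and the sample status line is constructed.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]


class Branch(NamedTuple):
    first_affected: Version
    last_affected: Version
    fixed: Version


# Affected ranges and fixed releases, exactly as listed in the advisory above.
ADVISORY: Dict[str, List[Branch]] = {
    "FortiOS": [
        Branch((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        Branch((7, 0, 0), (7, 0, 8), (7, 0, 9)),
        Branch((6, 4, 0), (6, 4, 10), (6, 4, 11)),
        Branch((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    ],
    "FortiOS-6K7K": [
        Branch((7, 0, 0), (7, 0, 7), (7, 0, 8)),
        Branch((6, 4, 0), (6, 4, 9), (6, 4, 10)),
        Branch((6, 2, 0), (6, 2, 11), (6, 2, 12)),
        Branch((6, 0, 0), (6, 0, 14), (6, 0, 15)),
    ],
}

# Matches "7.0.8" as well as the "v7.0.8,build0418,..." form seen in status output.
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch as integers so that 6.4.10 > 6.4.9 compares correctly."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def assess(product: str, version_text: str) -> Dict[str, Optional[str]]:
    """Report whether a unit is in a listed affected range and which release to move to.
    A branch the advisory does not list is reported as 'not listed', not as safe."""
    version = parse_version(version_text)
    for branch in ADVISORY[product]:
        if branch.first_affected <= version <= branch.last_affected:
            return {"version": fmt(version), "affected": "yes",
                    "upgrade_to": fmt(branch.fixed)}
        if version[:2] == branch.fixed[:2] and version >= branch.fixed:
            return {"version": fmt(version), "affected": "no",
                    "upgrade_to": None, "note": "at or above the fixed release"}
    return {"version": fmt(version), "affected": "not listed", "upgrade_to": None,
            "note": "branch not in this advisory; confirm with the vendor"}


if __name__ == "__main__":
    # Constructed inventory: (product, version text as an operator might paste it).
    inventory = [
        ("FortiOS", "Version: FortiGate-60F v7.0.8,build0418,221101 (GA.F)"),
        ("FortiOS", "6.4.10"),
        ("FortiOS", "7.2.3"),
        ("FortiOS-6K7K", "6.0.14"),
    ]
    for product, text in inventory:
        print(product, assess(product, text))
```

Feed it one entry per firewall (product and the version string from the unit's status output) and act on every row whose affected field is "yes"; rows marked "not listed" need a manual check against the vendor advisory rather than being assumed clean.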
What is Securicom doing?
Securicom is actively threat hunting client environments for indicators of compromise (IOCs) related to this vulnerability.
Securicom has started (upon client request) and will continue emergency firmware upgrades on the affected firewalls during the evenings between 9 pm and 2 am this week. Please let us know if you would prefer yours to be done earlier.
Securicom Cyber Security Engineers are on high alert and will monitor all suspicious activity on our clients' firewalls and networks until all upgrades have been completed and confirmed.
Enhance your Security Posture. - See How Securicom can Help You!!