![]() ![]() The security defect, Fortinet says in a blog post, was identified after “a sudden system halt and subsequent boot failure – a design to protect against compromise – of multiple FortiGate devices of a customer”. “An improper limitation of a pathname to a restricted directory vulnerability (‘path traversal’) in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands,” Fortinet notes in its advisory. When it announced the availability of fixes, Fortinet failed to mention that this was actually a zero-day vulnerability. Patched last week, the bug is tracked as CVE-2022-41328 and is described as a medium-severity path traversal issue leading to command execution. Fortinet warns that a recently addressed FortiOS vulnerability has been exploited by a sophisticated threat actor in highly targeted attacks against governmental and government-related entities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |