PT-2023-1654 · Fortinet · FortiOS

Published: 2023-03-07 · Updated: 2025-07-29 · CVE-2022-41328

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
- Fortinet FortiOS versions 7.2.0 through 7.2.3
- Fortinet FortiOS versions 7.0.0 through 7.0.9
- Fortinet FortiOS versions before 6.4.11
Description
The issue is an improper limitation of a pathname to a restricted directory, also known as 'path traversal', which allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. This flaw could potentially lead to the execution of arbitrary code. A Chinese hacking group, reportedly state-sponsored, has been exploiting this vulnerability in a cyber espionage campaign targeting defense, government, technical, and telecommunications organizations. The attackers have used custom malware to spy on victims and have been able to maintain persistent access to compromised environments.
Recommendations
For Fortinet FortiOS versions 7.2.0 through 7.2.3, update to a version outside of this range to resolve the issue. For Fortinet FortiOS versions 7.0.0 through 7.0.9, update to a version outside of this range to resolve the issue. For Fortinet FortiOS versions before 6.4.11, update to version 6.4.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

Weakness Enumeration: Path traversal

Related Identifiers: BDU:2023-01193, CVE-2022-41328

Affected Products: FortiOS