Fortinet, a world leader in high-performance cybersecurity solutions, has recently come under fire after it was revealed that their software was exploited by an unknown threat actor. This exploit allowed for data loss and OS and file corruption. The complexity of the exploit suggests that it is highly targeted and that the actor is very skilled. The zero-day flaw in question is CVE-2022-41328 (CVSS score: 6.5), a medium security path traversal bug in FortiOS that could lead to arbitrary code execution. This means that the attacker could have read and written any files they wanted. The shortcoming impacts FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3.
However, fixes are available in versions 6.4.12, 7.0.10, and 7.2.4 respectively. The disclosure comes days after Fortinet released patches to address 15 security flaws, including CVE-2022-41328 and a critical heap-based buffer underflow issue impacting FortiOS and FortiProxy (CVE-2023-25610, CVSS score: 9.3). According to the Sunnyvale-based company, multiple FortiGate devices belonging to an unnamed customer suffered from a "sudden system halt and subsequent boot failure," indicating an integrity breach. This is a serious issue that needs to be addressed immediately. If you are using any of the affected versions of FortiOS, make sure to update to the newest version as soon as possible.