Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-41328
CVE-2022-41328:
FortiOS vulnerability analysis and mitigation
Overview
A path traversal vulnerability (CVE-2022-41328) was discovered in Fortinet FortiOS versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.9, and versions before 6.4.11. The vulnerability allows a privileged attacker to read and write files on the underlying Linux system through crafted CLI commands. This vulnerability was initially disclosed on March 7, 2023, and was actively exploited in highly targeted attacks against governmental or government-related targets (Fortinet Advisory, SecurityWeek).
Technical details
The vulnerability is classified as an improper limitation of a pathname to a restricted directory vulnerability (CWE-22). It received a CVSS v3.1 base score of 7.1 (High) from NIST and 6.7 (Medium) from Fortinet. The exploitation requires privileged access and allows attackers to execute arbitrary commands through path traversal via crafted CLI commands. The vulnerability was discovered after multiple FortiGate devices experienced system halts due to FIPS firmware integrity self-test failures, indicating compromised system files (Fortinet Blog).
Impact
The exploitation of this vulnerability enables attackers to read and write files on the underlying Linux system, potentially leading to unauthorized code execution, data loss, and OS corruption. The attack complexity suggests an advanced actor with deep understanding of FortiOS and underlying hardware. The vulnerability has been actively exploited in sophisticated attacks targeting government organizations (Fortinet Blog, SecurityWeek).
Mitigation and workarounds
Fortinet has released patches to address this vulnerability. Organizations are advised to upgrade to FortiOS version 7.2.4 or above, FortiOS version 7.0.10 or above, FortiOS version 6.4.12 or above, or FortiOS version 6.2.14 or above, depending on their current version (Fortinet Advisory).
Community reactions
The security community has expressed significant concern about this vulnerability, particularly due to its exploitation by suspected Chinese state-sponsored actors. Mandiant's analysis linked the attacks to Chinese cyberespionage operations, highlighting the sophisticated nature of the threat actor and their targeting of government organizations (SecurityWeek).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management