Skip to main content

New FortiOS Vulnerability Used in Zero-Day Attack Against Government Networks

by Advatek
March 15, 2023

Fortinet has recently announced a new zero-day vulnerability in its FortiOS operating system, which was being actively exploited to target government networks. The vulnerability, tracked as CVE-2022-3759, is a pre-authentication heap buffer overflow issue that can allow an attacker to execute arbitrary code on the device or cause it to crash.

Overview of the Zero-Day Attack

The vulnerability affects several versions of FortiOS, including 6.0.0 to 6.0.12, 6.2.0 to 6.2.11, and 7.0.0 to 7.0.8, which is a significant concern for organisations that use Fortinet's operating system. Security researchers from Mandiant, a subsidiary of FireEye, discovered the vulnerability in February 2022 and reported it to Fortinet. Fortinet has now released patches for all affected versions.

The vulnerability was being exploited by an advanced persistent threat (APT) group, APT41, to target government networks. The activity has been attributed to Chinese state-sponsored hacking, highlighting the ongoing threat from nation-state cyber-espionage. It is important to note that Fortinet has not detected any instances of the vulnerability being exploited outside of the targeted attacks against government networks.

Fortinet's quick response to this vulnerability is commendable. However, organisations that use Fortinet's operating system should remain vigilant and ensure that they have applied the patches released by Fortinet to mitigate the risk of exploitation. According to Fortinet, the company's latest threat intelligence shows that this vulnerability is being actively exploited in the wild, making it even more crucial for organisations to patch their systems as soon as possible.

The discovery of a zero-day vulnerability in Fortinet's FortiOS operating system is a reminder of the ongoing threat of cyber-espionage by nation-state actors. Organisations that use Fortinet's operating system should ensure that they have applied the patches released by Fortinet to mitigate the risk of exploitation.

Immediate Actions to Take

Fortinet has already released a patch to address this vulnerability. Organisations using FortiOS should take the following steps immediately:

  1. Update the FortiOS operating system to the latest version
  2. Review and strengthen authentication policies
  3. Monitor network traffic for any unusual activity
Working with Fortinet Partners

At Advatek, we highly recommend that organisations utilising Fortinet's operating system collaborate with experienced Fortinet partners like ourselves. As a trusted Fortinet partner, we possess a wealth of knowledge and expertise in deploying and managing Fortinet's security solutions. Our proficiency enables us to support organisations in implementing security best practices, including the timely application of patches and updates to minimise the risk of exploitation.

Our extensive experience in the field allows us to assist organisations in promptly detecting and responding to security incidents, which is crucial in mitigating the consequences of a security breach.

References: FortiGuard.com. (2023). Fortinet Security Advisory: CVE-2022-3759. [online] Available at: https://www.fortiguard.com/psirt/FG-IR-21-015 [Accessed 15 Mar. 2023].