New Fortinet bug under active exploitation

Date: 2022-12-13


Overflow may allow remote code execution.

Fortinet has warned customers to patch immediately against a new vulnerability it said is under active exploitation.

The critical-rated vulnerability exists in a VPN product, FortiOS SSL-VPN.

In its advisory, the company said the bug is a heap-based buffer overflow.

It “may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests”, the company said.

As well as installing patches, the company said admins should check their systems for indicators of compromise.

These include multiple log entries indicating the SSL VPN daemon has crashed; and the presence of the following artefacts on a system: libips.bak, libgif.so, libiptcp.so, libipudp.so, libjepg.so, .sslvpnconfigbk, wxd.conf, and a /flash directory.

A compromised system might also show connections to what Fortinet calls “suspicious IP addresses”: 188.34.130.40:444; 103.131.189.143:30080, along with 30081, 30443, and 20443; 192.36.119.61:8443 and 444; and 172.247.168.153:8033. 

The addresses are hosted variously in Iran, Sweden and the United States, according to the DNS lookup tool Robtex.
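
An added example, not part of the original article or of Fortinet's advisory: a Python check that compares a file listing and connection-log lines against the artefact names and IP:port pairs listed above. The sample paths and the log-line format are constructed assumptions, and the crashed-daemon log entries are not covered because the article does not give their format.

```python
import re

# Indicators exactly as listed in the article (file names only, no full paths given).
IOC_FILES = {"libips.bak", "libgif.so", "libiptcp.so", "libipudp.so",
             "libjepg.so", ".sslvpnconfigbk", "wxd.conf"}
IOC_DIR = "/flash"
IOC_ENDPOINTS = {
    "188.34.130.40": {444},
    "103.131.189.143": {30080, 30081, 30443, 20443},
    "192.36.119.61": {8443, 444},
    "172.247.168.153": {8033},
}
ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")

def match_paths(paths):
    """Return paths whose basename is a listed artefact, or that are /flash or below it."""
    hits = []
    for path in paths:
        norm = path.rstrip("/") or "/"
        base = norm.rsplit("/", 1)[-1]
        if base in IOC_FILES or norm == IOC_DIR or norm.startswith(IOC_DIR + "/"):
            hits.append(path)
    return hits

def match_connections(log_lines):
    """Return (line_no, ip, port, port_listed) for every listed IP seen in the log."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        for ip, port in ENDPOINT_RE.findall(line):
            if ip in IOC_ENDPOINTS:
                hits.append((line_no, ip, int(port), int(port) in IOC_ENDPOINTS[ip]))
    return hits

# Constructed sample input (hypothetical paths and log format, not from a real device).
SAMPLE_PATHS = ["/var/example/libjepg.so", "/usr/lib/libjpeg.so",
                "/flash/x", "/flashdrive/readme"]
SAMPLE_LOG = [
    "2022-12-13T01:02:03Z conn src=10.0.0.5:51544 dst=103.131.189.143:30080 proto=tcp",
    "2022-12-13T01:02:09Z conn src=10.0.0.5:51550 dst=192.36.119.61:443 proto=tcp",
    "2022-12-13T01:03:00Z conn src=10.0.0.7:40000 dst=203.0.113.9:444 proto=tcp",
]

if __name__ == "__main__":
    for hit in match_paths(SAMPLE_PATHS):
        print("artefact:", hit)
    for line_no, ip, port, listed in match_connections(SAMPLE_LOG):
        print(f"line {line_no}: {ip}:{port} ({'listed port' if listed else 'listed IP, other port'})")
```

A listed IP seen on a port the article does not name is still reported, flagged separately, so an analyst can decide whether it warrants follow-up.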

The vulnerability is present in eight branches of the FortiOS SSL-VPN software, and all have been patched.
