A critical vulnerability in the Fortinet operating system, FortiOS, that was exploited in the wild was disclosed back in December. Fortinet rated the vulnerability, CVE-2022-42475, as a 9.3/10 on the Common Vulnerability Scoring System (CVSS). It was later discovered that a sophisticated malware implant had also been deployed through the flaw.
The critical vulnerability is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication, resulting in the execution of arbitrary code and commands. All customers of the operating system have been urged to patch the vulnerability as soon as possible.
Since the vulnerability was announced, it has been discovered that suspected Chinese cyber threat actors exploited the recently patched flaw to target a European government entity and an MSP in Africa. The attackers developed a specific Linux backdoor, called BOLDMOVE, to run on Fortinet’s FortiGate firewalls. The backdoor carries out a system survey and can receive commands from a C2 server that allow the attackers to perform file operations, spawn a remote shell and relay traffic through the malware-infected host.
The Linux malware variant may also include the capability to disable and manipulate logging features in order to evade detection.
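A backdoor that tampers with logging on the device itself is best caught from outside the device: forward firewall logs to a separate collector and alert when a source that normally chatters goes quiet. The following is an added example (not code from SecuLore or Fortinet) of that check. It runs over a handful of constructed syslog-style lines whose format (ISO timestamp, hostname, message) is an assumption for the example, not the FortiGate log format, and reports both historical gaps between consecutive events and devices that have been silent up to a chosen evaluation time.

```python
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not real FortiGate output).
# fw01 has a long silence between 08:10 and 11:40; fw02 stops logging at 08:07.
SAMPLE_LOGS = """\
2023-01-10T08:00:00 fw01 traffic: action=accept src=10.0.0.5 dst=10.0.1.9
2023-01-10T08:05:00 fw01 traffic: action=accept src=10.0.0.7 dst=10.0.1.9
2023-01-10T08:10:00 fw01 traffic: action=deny src=10.0.0.9 dst=10.0.1.9
2023-01-10T11:40:00 fw01 traffic: action=accept src=10.0.0.5 dst=10.0.1.9
2023-01-10T08:02:00 fw02 traffic: action=accept src=10.0.2.5 dst=10.0.3.1
2023-01-10T08:07:00 fw02 traffic: action=accept src=10.0.2.6 dst=10.0.3.1
"""


def parse_events(text):
    """Group event timestamps by reporting host.

    Assumed line layout: '<ISO timestamp> <host> <message...>'.
    Returns {host: [datetime, ...]} with timestamps sorted ascending.
    """
    events = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, host, _message = line.split(" ", 2)
        events.setdefault(host, []).append(datetime.fromisoformat(stamp))
    for stamps in events.values():
        stamps.sort()
    return events


def find_log_gaps(text, max_gap=timedelta(minutes=30)):
    """Return (host, gap_start, gap_end, duration) for every pause between
    consecutive events from one host that exceeds max_gap."""
    gaps = []
    for host, stamps in parse_events(text).items():
        for earlier, later in zip(stamps, stamps[1:]):
            if later - earlier > max_gap:
                gaps.append((host, earlier, later, later - earlier))
    return gaps


def silent_devices(text, now, max_gap=timedelta(minutes=30)):
    """Return hosts whose most recent event is older than max_gap at time `now`.

    This catches an ongoing silence that find_log_gaps cannot see, because no
    later event exists yet to close the gap.
    """
    silent = []
    for host, stamps in parse_events(text).items():
        if now - stamps[-1] > max_gap:
            silent.append(host)
    return sorted(silent)


if __name__ == "__main__":
    for host, start, end, duration in find_log_gaps(SAMPLE_LOGS):
        print(f"{host}: no events from {start} to {end} ({duration})")
    evaluation_time = datetime(2023, 1, 10, 12, 0, 0)  # constructed "now"
    print("silent at", evaluation_time, "->", silent_devices(SAMPLE_LOGS, evaluation_time))
```

The threshold is a heuristic: a firewall on a quiet segment may legitimately pause for longer than 30 minutes, so tune `max_gap` per device from its normal baseline and treat a silence as a prompt to check the device, not as proof of compromise. The check only has value if the collector is a separate system the firewall cannot edit, which is exactly what the logging-tampering capability described above is designed to defeat on the device itself.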
Staying on top of all known vulnerabilities, and patching them as soon as fixes become available, is critical to your cyber risk posture.
The FCC recommends all organizations have a vulnerability risk assessment completed every 90 days. SecuLore’s™ CyberBenchmark fulfills policy requirements and helps you understand where your network is vulnerable, as well as providing actionable remediation recommendations to help protect your network.
SecuLore™ OverWatch provides continuous network monitoring through our patented Paladin™ technology to detect vulnerabilities in your network and detect anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
SecuLore Support Team