March 13, 2023 By Sergiu Gatlan
Unknown attackers used zero-day exploits to abuse a new FortiOS bug, patched this month, in attacks targeting government and large organizations; the attacks led to OS and file corruption and data loss.
Fortinet released security updates on March 7, 2023, to address this high-severity security vulnerability (CVE-2022-41328) that allowed threat actors to execute unauthorized code or commands.
"An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands," the company says in the advisory.