Ethical Hacking News
A recently discovered vulnerability in FortiGate devices allows threat actors to bypass patches and maintain read-only access to the device's file system via a symbolic link trick. Fortinet has released patches for affected versions of FortiOS and is urging customers to patch their devices immediately while maintaining transparency about the incident.
Fortinet has discovered a vulnerability in its FortiGate devices that allows threat actors to bypass patches and maintain read-only access. The attack exploits a weakness in symbolic links, allowing attackers to trick the device into accepting malicious files. The vulnerability was found when threat actors were using it to gain persistent access to vulnerable FortiGate devices. Patches have been released for affected versions of FortiOS to address the issue. Fortinet is urging customers to patch their devices immediately and has notified impacted customers of the incident.
In a recent alert issued by cybersecurity firm Fortinet, it has been revealed that a sophisticated attack vector was discovered, which allows threat actors to bypass patches on FortiGate devices and maintain read-only access to the device's file system. This vulnerability is caused by exploiting known FortiGate flaws such as CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 via a symbolic link in the SSL-VPN language folders.
The attack takes advantage of a subtle weakness in the way FortiGate handles symbolic links, allowing an attacker to create a malicious link that tricks the device into accepting it as a legitimate file. Once the link is accepted, the attacker can then read and write files on the device without being detected by security controls. This level of access allows the attackers to modify configurations, potentially leading to further exploitation.
The vulnerability was discovered when Fortinet noticed that threat actors were using this technique to gain persistent read-only access to vulnerable FortiGate devices. Despite the original vulnerability being patched, the symbolic link could still remain on the device, allowing the attacker to maintain their access.
Fortinet has taken steps to mitigate the attack by releasing several patches for FortiOS, including versions 7.6.2, 7.4.7, 7.2.11, and 7.0.17, as well as version 6.4.16. These patches address the vulnerability by modifying the way the SSL-VPN UI handles symbolic links and flagging malicious links for removal.
In addition to releasing patches, Fortinet has also urged customers to patch their devices immediately while maintaining transparency about the incident. The company has notified impacted customers and provided them with recommended steps to recover from the breach.
This latest vulnerability highlights the ongoing cat-and-mouse game between cybersecurity firms and threat actors. As companies continue to implement new security measures and patches, it is becoming increasingly important for organizations to stay vigilant and up-to-date on the latest vulnerabilities and threats.
The incident also underscores the importance of keeping device configurations in mind when dealing with symbolic links. The fact that attackers were able to exploit this vulnerability suggests a lack of awareness about the potential risks associated with these links.
In conclusion, Fortinet's recent warning serves as a reminder to organizations to be mindful of their security posture and to take proactive steps to patch vulnerabilities and protect against emerging threats. By staying informed and vigilant, companies can reduce their risk of falling victim to sophisticated attacks like this one.
Related Information:
https://www.ethicalhackingnews.com/articles/Fortinet-Warns-of-Symbolic-Link-Trick-that-Bypasses-FortiGate-Patches-Leaving-Devices-Vulnerable-to-Attackers-ehn.shtml
https://securityaffairs.com/176473/hacking/symbolic-link-trick-lets-attackers-bypass-fortigate-patches-fortinet-warns.html
https://nvd.nist.gov/vuln/detail/CVE-2022-42475
https://www.cvedetails.com/cve/CVE-2022-42475/
https://nvd.nist.gov/vuln/detail/CVE-2023-27997
https://www.cvedetails.com/cve/CVE-2023-27997/
https://nvd.nist.gov/vuln/detail/CVE-2024-21762
https://www.cvedetails.com/cve/CVE-2024-21762/
Published: Sat Apr 12 13:31:55 2025 by llama3.2 3B Q4_K_M
