{"id":4482,"date":"2023-03-14T15:02:33","date_gmt":"2023-03-14T14:02:33","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4482"},"modified":"2023-03-14T14:45:21","modified_gmt":"2023-03-14T13:45:21","slug":"fortinet-fortios-ranjivost-iskoristena-u-ciljanim-sajber-napadima","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/03\/14\/fortinet-fortios-ranjivost-iskoristena-u-ciljanim-sajber-napadima\/","title":{"rendered":"Fortinet FortiOS vulnerability exploited in targeted cyber attacks"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>Fortinet FortiOS<\/em> vulnerability exploited in targeted cyber attacks on government agencies and large business organizations.<\/span><\/p>\n<div id=\"attachment_4485\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4485\" class=\"size-full wp-image-4485\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Fortinet-FortiOS.jpg\" alt=\"Fortinet FortiOS\" width=\"1024\" height=\"626\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Fortinet-FortiOS.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Fortinet-FortiOS-300x183.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Fortinet-FortiOS-768x470.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/03\/Fortinet-FortiOS-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4485\" class=\"wp-caption-text\"><em>Fortinet FortiOS vulnerability exploited in targeted cyber attacks; Design: Sa\u0161a \u0110uri\u0107<\/em><\/p><\/div>\n<h2><span style=\"font-size: 14pt;\"><strong>New vulnerability<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The <em>Fortinet FortiOS<\/em> vulnerability, for which an update has been released, can lead to data corruption or loss and is tracked as <a 
href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-369\" target=\"_blank\" rel=\"noopener\"><em>CVE-2022-41328<\/em><\/a> with a severity score of <em>CVSS 6.5<\/em>. It is a path traversal flaw in <em>FortiOS<\/em> that can lead to arbitrary code execution, and the complexity of exploiting it suggests that the flaw is being exploited by an <a href=\"https:\/\/sajberinfo.com\/en\/2020\/12\/08\/apt-sponzorisani-napadi\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>APT<\/em> group<\/a>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The affected <em>FortiOS<\/em> versions are:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>FortiOS 6.0,<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>FortiOS 6.2,<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>FortiOS 6.4.0 <\/em>to<em> 6.4.11,<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>FortiOS 7.0.0 <\/em>to<em> 7.0.9,<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>FortiOS 7.2.0 <\/em>to<em> 7.2.3.<\/em><\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The vulnerability is fixed in versions:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>FortiOS<\/em> 6.4.12,<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>FortiOS <\/em>7.0.10,<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>FortiOS<\/em> 7.2.4.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">This vulnerability comes just a few days after <em>Fortinet <\/em>released an update for 15 security vulnerabilities, including <a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-23-001\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-25610<\/em><\/a>, with a <em>CVSS<\/em> score of 9.3, which <a href=\"https:\/\/sajberinfo.com\/en\/2023\/03\/11\/fortinet-ispravlja-kriticnu-ranjivost\/\" target=\"_blank\" rel=\"nofollow 
noopener\">affects <em>FortiOS<\/em> and <em>FortiProxy<\/em><\/a>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"font-size: 14pt;\"><strong>Device compromise<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">The attack was discovered on compromised <em>FortiGate<\/em> devices with the <em>FIPS<\/em> option enabled, where users receive the message: \u201c<em>System enters error-mode due to FIPS error: Firmware Integrity self-test failed<\/em>\u201d and the device cannot be restarted.\u00a0 The <em>FIPS<\/em> mechanism is designed to verify integrity; if it detects irregularities, the device shuts down and is prevented from booting, in order to stop further compromise of the affected organization's network infrastructure.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The attack on <em>FortiGate<\/em> is carried out by exploiting the path traversal vulnerability, launching a script that is executed through the <em>FortiManager<\/em> option. The investigation showed that the attackers modified the <em>firmware<\/em> before the boot process was started. 
This allowed the attackers to exfiltrate data, download and write new files, or open a remote shell upon receipt of an<em> ICMP<\/em> packet.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4><span style=\"font-size: 14pt;\"><strong>Conclusion<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\">Given the complexity of the attack, it is suspected that the attackers have a deep understanding of the <em>FortiOS<\/em> operating system and the hardware it runs on, and that they possess advanced skills in reverse engineering various aspects of the <em>FortiOS<\/em> operating system.\u00a0<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Fortinet FortiOS vulnerability exploited in targeted cyber attacks on government agencies and large business organizations. New vulnerability The Fortinet FortiOS vulnerability, for which an update has been released, can lead to data corruption or loss and is tracked&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4485,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[62,140,285,295,126],"class_list":["post-4482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-apt","tag-firmware","tag-fortinet","tag-fortios","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4482"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4482\/revi
sions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4485"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}