{"id":4441,"date":"2025-04-14T10:45:57","date_gmt":"2025-04-14T07:45:57","guid":{"rendered":"https:\/\/www.govcert.bg\/?p=4441"},"modified":"2025-04-14T10:59:29","modified_gmt":"2025-04-14T07:59:29","slug":"4441","status":"publish","type":"post","link":"https:\/\/www.govcert.bg\/en\/warnings\/4441\/","title":{"rendered":"Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities"},"content":{"rendered":"<p style=\"text-align: justify;\">Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet RCE vulnerabilities within FortiOS and FortiGate products. This malicious file could enable read-only access to files on the devices\u2019 file system, which may include configurations.<\/p>\n<p style=\"text-align: justify;\"><strong>CERT <\/strong><strong>Bulgaria<\/strong> encourages administrators to review Fortinet\u2019s advisory and:<\/p>\n<ul>\n<li>Upgrade to FortiOS versions 7.6.2, 7.4.7, 7.2.11, 7.0.17, 6.4.16 to remove the malicious file and prevent re-compromise;<\/li>\n<li>Review the configuration of all in-scope devices;<\/li>\n<li>Reset potentially exposed credentials;<\/li>\n<li>As a work-around mitigation until the patch is applied, consider disabling SSL-VPN functionality, as exploitation of the file requires the SSL-VPN to be enabled.<\/li>\n<\/ul>\n<p>For more information:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.fortinet.com\/blog\/psirt-blogs\/analysis-of-threat-actor-activity\">Analysis of Threat Actor Activity | Fortinet Blog<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet RCE vulnerabilities within FortiOS and FortiGate products. This malicious file could enable read-only access to files on the devices\u2019 file system, which may include configurations. <a title=\"Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities\" class=\"read-more\" href=\"https:\/\/www.govcert.bg\/en\/warnings\/4441\/\" aria-label=\"More on Fortinet \u043f\u0443\u0431\u043b\u0438\u043a\u0443\u0432\u0430 \u0440\u044a\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u043e\u0442\u043d\u043e\u0441\u043d\u043e \u043d\u043e\u0432\u0430 \u0442\u0435\u0445\u043d\u0438\u043a\u0430 \u0437\u0430 \u0435\u043a\u0441\u043f\u043b\u043e\u0430\u0442\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0432\u0435\u0447\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\">Read more<\/a><\/p>","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44],"tags":[],"class_list":["post-4441","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/posts\/4441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/comments?post=4441"}],"version-history":[{"count":5,"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/posts\/4441\/revisions"}],"predecessor-version":[{"id":4446,"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/posts\/4441\/revisions\/4446"}],"wp:attachment":[{"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/media?parent=4441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/categories?post=4441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.govcert.bg\/en\/wp-json\/wp\/v2\/tags?post=4441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}