bigkeoni64
Explorer II
June 14, 2024
Question

IOC related to CVE-2022-42475


Hello

Would anyone know the commands to check the file system for Indicators of Compromise related to the above CVE? I understand that this was affected only between 7.2.0 - 7.2.2, but we were running that version before and we are now on 7.2.8.

I did get these commands from TAC, but it seems almost impossible to sift through the data:

 

diag debug crashlog read
fnsysctl ls /var/log/log/root/
fnsysctl ls -l /data/lib
get sys performance status
get system status
exec tac report

Appreciate the assistance in advance.

1 reply

joser
Staff
June 15, 2024
bigkeoni64
Explorer II
June 25, 2024

So for an HA pair of FortiGates, would I need to check the standby firewall as well?

 

# diagnose debug crashlog read

 

as well as the libraries on each Primary/Standby device?

 

# fnsysctl ls -l /data/lib 

/data/lib/libips.bak 
/data/lib/libgif.so 
/data/lib/libiptcp.so 
/data/lib/libipudp.so 
/data/lib/libjepg.so 

# fnsysctl ls -la /var 
/var/.sslvpnconfigbk 

# fnsysctl ls -l /data/etc 
/data/etc/wxd.conf 

# fnsysctl ls -l / 
/flash 

 
 

 



joser
Staff
August 27, 2024

Yes, please check each unit.
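
An added example, not part of the thread and not Fortinet code: a Python script that scans saved console output from each HA unit for the file paths listed in the post above, which makes the `fnsysctl ls` output easier to sift. The function names, the sample captures and the listing layout in them are constructed assumptions.

```python
import posixpath
import re

# Indicator paths exactly as listed in the thread above.
INDICATORS = {
    "/data/lib/libips.bak", "/data/lib/libgif.so", "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so", "/data/lib/libjepg.so",
    "/var/.sslvpnconfigbk", "/data/etc/wxd.conf", "/flash",
}
# Echoed command line, e.g. "# fnsysctl ls -la /var"; captures the directory.
LS_CMD = re.compile(r"fnsysctl\s+ls\b(?:\s+-\w+)*\s+(/\S*)")

def find_indicators(capture):
    """Return the sorted indicator paths present in one unit's saved output."""
    hits, directory = set(), None
    for line in capture.splitlines():
        cmd = LS_CMD.search(line)
        if cmd:
            directory = cmd.group(1)  # later lines list this directory
            continue
        for token in line.split():
            # Whole-token match, so "libips.so" never matches "libips.bak".
            full = posixpath.join(directory, token) if directory else token
            if full in INDICATORS:
                hits.add(full)
    return sorted(hits)

def scan_units(captures):
    """Map each HA unit name to the indicators found in its capture."""
    return {unit: find_indicators(text) for unit, text in captures.items()}

# Constructed sample captures; the listing layout and file names other than
# the indicators are assumptions, not real FortiOS output.
PRIMARY = """# fnsysctl ls -l /data/lib
-rwxr-xr-x 1 0 0 libips.so
# fnsysctl ls -la /var
drwxr-xr-x 2 0 0 log
# fnsysctl ls -l /
drwxr-xr-x 2 0 0 data
"""
STANDBY = """# fnsysctl ls -l /data/lib
-rwxr-xr-x 1 0 0 libips.so
-rwxr-xr-x 1 0 0 libips.bak
-rwxr-xr-x 1 0 0 libjepg.so
# fnsysctl ls -la /var
-rw-r--r-- 1 0 0 .sslvpnconfigbk
"""

if __name__ == "__main__":
    for unit, found in scan_units({"primary": PRIMARY, "standby": STANDBY}).items():
        print(unit, "->", found or "no listed indicators")
```

Save each unit's console session to its own text file and pass the contents in, keyed by unit name, so a hit is attributed to the primary or the standby.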