Skip to main content
UserOne
UserOne
New Member
April 17, 2025
Solved

symbolic link vulnerability

  • April 17, 2025
  • 3 replies
  • 2974 views

Hello
Recently there was a post from Fortinet PSIRT about the symlink trick:
https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

Is there any chance to get information how to find indicators of compromise (IOC)?
I mean I can update to 7.2.11 (I am currently on 7.2.10) but the used CVE's are older and I updated the fortigate before the publication of these CVE's, so there is a small chance to be compromised.
I just want to check if the fortigate is compromised, if yes, i will reinstall it. If no, I just update to 7.2.11 and have a happy life :)

 

Any ideas?

Best answer by fabs-net

Hi,

 

I think the best option here is to contact the official Fortinet support via ticket.
They can also identify exactly which devices are affected and how to check for IoCs (if possible).

 

KR Fabian

3 replies

fabs-net
fabs-netAnswer
Explorer III
April 17, 2025

Hi,

 

I think the best option here is to contact the official Fortinet support via ticket.
They can also identify exactly which devices are affected and how to check for IoCs (if possible).

 

KR Fabian

Every packet has a journey.
    UserOne
    UserOneAuthor
    New Member
    April 22, 2025

    Hi Fabian,
    Yes, done via Ticket. They sadly don't give more information at the moment how to check for IoCs.
    BR
    Steve

      AshleyCole
      AshleyCole
      New Member
      May 5, 2025

      Great proactive approach! Hopefully, it's all clear after checking!

      Spoiler
      Fortinet’s published analysis and looking for suspicious activity or known attack patterns that match your environment. Examine system logs, unusual traffic, and changes in configuration or files. If you detect any IOCs, reinstalling the device is a safe option. Otherwise, updating to 7.2.11 should secure your system. After missing a few classes due to illness, I fell behind on assignments. I used https://academized.com/ to catch up quickly. Academized gave me a boost with their essay writing service, helping me stay on track and meet deadlines I would’ve otherwise missed.
        Terms & ConditionsAccessibility statement