The FortiGuard Incident Response team are ready to assist with the discovery, containment, and remediation of intrusions that have originated from the exploitation of vulnerabilities in external facing services.
A recently announced vulnerability in the Cacti platform (CVE-2022-46169) allows for unauthenticated command injection which could provide an initial access vector for an intrusion. Many threat actors, including those responsible for financial crime, are quick to integrate new vulnerabilities such as this into their TTPs.
Where exploitation is suspected a quick, thorough response is the best way to prevent an adversary from progressing through their kill chain and to minimize business impact.
To engage the IR team directly to assist with an investigation please use the ‘Experienced a breach?’ link available here:
This webpage also has additional information on the IR services provided and how it can help response to and mitigate risks associated with vulnerabilities like this.
If there is a question of whether the systems may be vulnerable to exploitation or to proactively prepare the security teams to better handle threats associated with campaigns targeting vulnerabilities like this, it is possible to engage the Incident Response Readiness service.
The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats, and war game the existing processes as part of tabletop activities.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.