FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Article Id 209240
Description

This article describes how the CVE-2022-22965 and CVE-2022-22963 vulnerabilities affect FortiSOAR as it uses the Spring Framework with JDK 11.

The CVE-2022-22965 vulnerability states that a Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. FortiSOAR is affected by this vulnerability since it uses the Spring Boot framework, which depends on the Spring Framework.

Note: FortiSOAR is not vulnerable to CVE-2022-22963 as FortiSOAR does not use Spring Cloud Function.

Scope

FortiSOAR releases 7.0.x.
Solution

The security patch upgrades the Spring Boot Framework to 2.5.12.

Install the fsr-cve-2022-22965-fix.zip security patch to fix this vulnerability on FortiSOAR 7.0.x as follows:

1) SSH into the FortiSOAR VM and log in as the root user.

2) Download the security patch file from the repo server using the following command:
wget https://update.cybersponse.com/patches/fsr-cve-2022-22965-fix.zip

3) Extract fsr-cve-2022-22965-fix.zip and change to the extracted directory using the following commands:
unzip fsr-cve-2022-22965-fix.zip
cd fsr-cve-2022-22965-fix/

4) Run the shell script 'hotfix.sh' to apply the changes:
sh hotfix.sh
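As an added example (not part of this article or of the hotfix itself), a small POSIX shell check that can be run after the hotfix to confirm that the Spring Boot jars under a given directory are at or above the 2.5.12 release the patch installs. The directory to scan, the spring-boot-<version>.jar naming pattern and the sample file names are assumptions, not FortiSOAR specifics.

```shell
#!/bin/sh
# Post-patch verification helper (added example, not Fortinet code).
# Flags any spring-boot-<version>.jar below the fixed release named in the article.
FIXED_VERSION="2.5.12"

# version_ge A B : exit 0 when dotted version A >= B, comparing up to three
# numeric components (missing components count as 0, so 2.5 == 2.5.0).
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(echo "$1" | cut -d. -f"$i"); y=$(echo "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# spring_boot_jar_version PATH : version encoded in a jar name such as
# spring-boot-2.5.10.jar (assumed naming convention of the Spring Boot core jar).
spring_boot_jar_version() {
    basename "$1" .jar | sed 's/^spring-boot-//'
}

# scan_spring_boot DIR : report each core jar; exit 1 if any is below FIXED_VERSION.
# The glob excludes spring-boot-autoconfigure-* and similar by requiring a digit.
scan_spring_boot() {
    found=0
    for jar in "$1"/spring-boot-[0-9]*.jar; do
        [ -e "$jar" ] || continue
        v=$(spring_boot_jar_version "$jar")
        if version_ge "$v" "$FIXED_VERSION"; then
            echo "OK         $jar ($v >= $FIXED_VERSION)"
        else
            echo "VULNERABLE $jar ($v < $FIXED_VERSION)"
            found=1
        fi
    done
    return $found
}

# Demo on constructed sample files (empty jars with made-up names, for illustration only).
demo() {
    dir=$(mktemp -d)
    : > "$dir/spring-boot-2.5.10.jar"
    : > "$dir/spring-boot-2.5.12.jar"
    if scan_spring_boot "$dir"; then echo "all jars at or above $FIXED_VERSION"; else echo "patch required"; fi
    rm -rf "$dir"
}
demo
```

On a real host, replace the demo directory with the location of the application's library jars.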
Note: To fix these vulnerabilities in earlier releases of FortiSOAR, it is recommended to upgrade the firmware to the 7.x.x series.
