Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
without_prejudice
New Contributor

Created on ‎12-12-2022 10:36 PM

FortiOS 6.2.9 list files in filesystem CVE-2022-42475 FG-IR-22-398

 

Hi

 

I have a pair of FortiGate-200E Firewalls in HA mode

v6.2.9,build1234,210601 (GA)

 

The  advisory FG-IR-22-398 recommends checking for the existence of certain files in the filesystem.

/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

 

The fnsysctl command doesn't appear to be available.

$ fnsysctl ls
Unknown action 0

 

How do I list files in the filesystem in v6.2.9?

 

Do I need to enter a privileged mode to use fnsysctl or should I be using another command?

 

I am new to Fortigates and this has just been dropped in my lap.

 

Thanks for any assistance.

Labels:
13372
0 Kudos
1 Solution
Yurisk
Valued Contributor

Created on ‎12-12-2022 11:53 PM

Hi,

  • You have to be an admin user with super_admin profile
  • You have to give the command folder to list: # fnsysctl ls -l /data/lib
  • Command is 'hidden' - tab completion will not work here.
  • It has been available for many years, so 6.2 has it for sure as well.
Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

View solution in original post

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
13342
13 REPLIES 13
JoePasc
New Contributor

Created on ‎12-15-2022 01:18 PM

  • You have to be an admin user with super_admin profile
  • Paste these commands into CLI and off you go

fnsysctl ls -a /data/lib/libips.bak
fnsysctl ls -a /data/lib/libgif.so
fnsysctl ls -a /data/lib/libiptcp.so
fnsysctl ls -a /data/lib/libipudp.so
fnsysctl ls -a /data/lib/libjepg.so
fnsysctl ls -a /var/.sslvpnconfigbk
fnsysctl ls -a /data/etc/wxd.conf
fnsysctl ls -a /flash

1809
0 Kudos
eda
New Contributor II
In response to JoePasc

Created on ‎12-15-2022 11:45 PM

Thank You for answer JoePasc but I already done that and that was not what @dan  and I was asking for.

 

@dan wrote:

I think the same PSIRT also mentiones to search for the logfiles for Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]“

How can this be done easily on the CLI?

 

And I also asked: What is the path to the logfile to search and the name of the logfile.

 

The files You @JoePasc  talk about are not logfiles. Correct?

 

Kind Regards \\eda

1639
0 Kudos
st1tchs373n
New Contributor
In response to eda

Created on ‎12-21-2022 03:14 PM Edited on ‎12-27-2022 11:09 AM

You might've found this already, but there's a post here with what I think is the forticommand that you are looking for. Unfortunately, I couldn't pipe it to fnsysctl grep but EDIT: can pipe it to grep without the fnsysctl) and was able to download my cli session history and search it that way too.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-hea...

 

diagnose debug crashlog read

 

 

1402
eda
New Contributor II
In response to st1tchs373n

Created on ‎12-28-2022 06:53 AM

Thank You @st1tchs373n  !

That information helped me to do what I needed to do.

 

Kind Regards \\eda

 

1346
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.