Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
without_prejudice
New Contributor

FortiOS 6.2.9 list files in filesystem CVE-2022-42475 FG-IR-22-398

 

Hi

 

I have a pair of FortiGate-200E Firewalls in HA mode

v6.2.9,build1234,210601 (GA)

 

The  advisory FG-IR-22-398 recommends checking for the existence of certain files in the filesystem.

/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

 

The fnsysctl command doesn't appear to be available.

$ fnsysctl ls
Unknown action 0

 

How do I list files in the filesystem in v6.2.9?

 

Do I need to enter a privileged mode to use fnsysctl or should I be using another command?

 

I am new to Fortigates and this has just been dropped in my lap.

 

Thanks for any assistance.

1 Solution
Yurisk
SuperUser
SuperUser

Hi,

  • You have to be an admin user with super_admin profile
  • You have to give the command folder to list: # fnsysctl ls -l /data/lib
  • Command is 'hidden' - tab completion will not work here.
  • It has been available for many years, so 6.2 has it for sure as well.
Yuri https://yurisk.info/  blog: All things Fortinet, no ads.

View solution in original post

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
13 REPLIES 13
JoePasc
New Contributor

  • You have to be an admin user with super_admin profile
  • Paste these commands into CLI and off you go

fnsysctl ls -a /data/lib/libips.bak
fnsysctl ls -a /data/lib/libgif.so
fnsysctl ls -a /data/lib/libiptcp.so
fnsysctl ls -a /data/lib/libipudp.so
fnsysctl ls -a /data/lib/libjepg.so
fnsysctl ls -a /var/.sslvpnconfigbk
fnsysctl ls -a /data/etc/wxd.conf
fnsysctl ls -a /flash

eda
New Contributor II

Thank You for answer JoePasc but I already done that and that was not what @dan  and I was asking for.

 

@dan wrote:

I think the same PSIRT also mentiones to search for the logfiles for Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]“

How can this be done easily on the CLI?

 

And I also asked: What is the path to the logfile to search and the name of the logfile.

 

The files You @JoePasc  talk about are not logfiles. Correct?

 

Kind Regards \\eda

st1tchs373n

You might've found this already, but there's a post here with what I think is the forticommand that you are looking for. Unfortunately, I couldn't pipe it to fnsysctl grep but EDIT: can pipe it to grep without the fnsysctl) and was able to download my cli session history and search it that way too.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-hea...

 

diagnose debug crashlog read

 

 

eda
New Contributor II

Thank You @st1tchs373n  !

That information helped me to do what I needed to do.

 

Kind Regards \\eda

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors