bigkeoni64
Contributor

IOC related to CVE-2022-42475

Hello

Would anyone know the commands to check the file system for Indicators of Compromise related to the above CVE? I understand that this was affected only between 7.2.0 - 7.2.2, but we were running that version before and we are now on 7.2.8.

I did get these commands from TAC, but it seems almost impossible to sift through the data:

 

diag debug crashlog read
fnsysctl ls /var/log/log/root/
fnsysctl ls -l /data/lib
get sys performance status
get system status
exec tac report

Appreciate the assistance in advance.

3 REPLIES 3
bigkeoni64

So for an HA pair of FortiGates, would I need to check the standby firewall as well?

 

# diagnose debug crashlog read

 

as well as the libraries on each Primary/Standby device?

 

# fnsysctl ls -l /data/lib 

/data/lib/libips.bak 
/data/lib/libgif.so 
/data/lib/libiptcp.so 
/data/lib/libipudp.so 
/data/lib/libjepg.so 

# fnsysctl ls -la /var 
/var/.sslvpnconfigbk 

# fnsysctl ls -l /data/etc 
/data/etc/wxd.conf 

# fnsysctl ls -l / 
/flash 

 
 

 



joser

Yes, please check each unit.
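One way to sift the command output from both HA members, as an added example that is not part of the original thread or any Fortinet tooling: it scans a saved CLI session for the file paths listed in the post above. The hostnames, the `example.so` entry and the listing column layout in the sample captures are constructed assumptions.

```python
import re

# Paths copied from the listing in the post above; nothing else is treated as an indicator.
IOC_PATHS = {
    "/data/lib/libips.bak", "/data/lib/libgif.so", "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so", "/data/lib/libjepg.so",
    "/var/.sslvpnconfigbk", "/data/etc/wxd.conf", "/flash",
}
PROMPT_RE = re.compile(r"^[^#]*#\s+(.*)$")                   # "FGT-A # <command>"
LS_RE = re.compile(r"^fnsysctl\s+ls\s+(?:-\w+\s+)*(/\S*)$")  # captures the directory

def find_iocs(capture):
    """Return the IOC_PATHS that appear in one unit's saved CLI session."""
    hits, directory = set(), None
    for line in map(str.strip, capture.splitlines()):
        prompt = PROMPT_RE.match(line)
        if prompt:
            ls = LS_RE.match(prompt.group(1).strip())
            directory = ls.group(1).rstrip("/") if ls else None  # other commands end a listing
        elif directory is not None and line:
            name = line.split()[-1]  # assumption: the entry name is the last field
            path = name if name.startswith("/") else directory + "/" + name
            if path in IOC_PATHS:
                hits.add(path)
    return sorted(hits)

def check_units(captures):
    """Map each HA member's name to the listed paths found in its capture."""
    return {unit: find_iocs(text) for unit, text in captures.items()}

# Constructed sample captures, one per HA member (not real device output).
PRIMARY = """\
FGT-A # fnsysctl ls -l /data/lib
-rwxr-xr-x 1 0 0 Mon Jan  1 00:00:00 2024 40960 example.so
FGT-A # fnsysctl ls -la /var
drwxr-xr-x 2 0 0 Mon Jan  1 00:00:00 2024 0 log
FGT-A # get system status
"""
STANDBY = """\
FGT-B # fnsysctl ls -l /data/lib
-rwxr-xr-x 1 0 0 Mon Jan  1 00:00:00 2024 8192 libjepg.so
FGT-B # fnsysctl ls -l /data/etc
-rw-r--r-- 1 0 0 Mon Jan  1 00:00:00 2024 512 wxd.conf
"""

if __name__ == "__main__":
    for unit, found in check_units({"primary": PRIMARY, "standby": STANDBY}).items():
        print(unit, "->", found or "no listed paths present")
```

Save the session from the primary and from the standby to separate files and pass each file's text to `find_iocs`.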
