IOC related to CVE-2022-42475
Hello
Would anyone know the commands to check the file system for Indicators of Compromise related to the above CVE? I understand that this was affected only between 7.2.0 - 7.2.2, but we were running that version before and we are now on 7.2.8.
I did get these commands from TAC, but it seems almost impossible to sift through the data:
diag debug crashlog read
fnsysctl ls /var/log/log/root/
fnsysctl ls -l /data/lib
get sys performance status
get system status
exec tac report
Appreciate the assistance in advance.
Labels: FortiGate
Hello,
You may use the link below as a guide:
So for an HA pair of FortiGates, would I need to check the standby firewall as well?
# diagnose debug crashlog read
as well as the libraries on each Primary/Standby device?
# fnsysctl ls -l /data/lib
/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
# fnsysctl ls -la /var
/var/.sslvpnconfigbk
# fnsysctl ls -l /data/etc
/data/etc/wxd.conf
# fnsysctl ls -l /
/flash
Yes, please check each unit.
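
One way to sift the saved CLI output from both HA units for the paths listed in this thread, as an added example that is not from any poster or from Fortinet. It assumes each unit's session was saved as text with the `fnsysctl ls` commands echoed at the prompt; the function names, unit names and sample sessions are constructed for illustration, and the listing layout is an assumption.

```python
import re

# File names from the thread above, keyed by the directory whose listing shows them.
IOC_FILES = {
    "/data/lib": {"libips.bak", "libgif.so", "libiptcp.so", "libipudp.so", "libjepg.so"},
    "/var": {".sslvpnconfigbk"},  # hidden file: only visible with "ls -la"
    "/data/etc": {"wxd.conf"},
    "/": {"flash"},
}
PROMPT = re.compile(r"^\S*\s*#\s*(\S.*)$")  # "HOST # command" or "# command"

def scan_capture(text):
    """Return the listed IoC paths found in the fnsysctl ls output of one saved session."""
    hits, directory = [], None
    for line in text.splitlines():
        prompt = PROMPT.match(line)
        if prompt:
            words = prompt.group(1).split()
            # Only track output that follows "fnsysctl ls [flags] <dir>".
            is_ls = words[:2] == ["fnsysctl", "ls"] and not words[-1].startswith("-")
            directory = (words[-1].rstrip("/") or "/") if is_ls else None
            continue
        fields = line.split(" -> ")[0].split()  # drop a symlink target, if any
        if directory in IOC_FILES and fields and fields[-1] in IOC_FILES[directory]:
            hits.append(directory.rstrip("/") + "/" + fields[-1])
    return hits

def scan_units(captures):
    """Map each HA unit name to its hits so primary and standby are both reported."""
    return {unit: scan_capture(text) for unit, text in captures.items()}

# Constructed sample sessions (not real device output); listing layout is assumed.
PRIMARY = """FGT-A # fnsysctl ls -l /data/lib
-rwxr-xr-x 1 0 0 Tue Jan  3 10:00:00 2023 204800 libexample.so
FGT-A # fnsysctl ls -l /data/etc
-rw-r--r-- 1 0 0 Tue Jan  3 10:00:00 2023 512 example.conf
"""
STANDBY = """FGT-B # fnsysctl ls -l /data/lib
-rwxr-xr-x 1 0 0 Tue Jan  3 10:00:00 2023 204800 libexample.so
-rwxr-xr-x 1 0 0 Fri Dec  9 02:14:00 2022 98304 libips.bak
FGT-B # fnsysctl ls -la /var
drwxr-xr-x 2 0 0 Tue Jan  3 10:00:00 2023 0 log
-rw-r--r-- 1 0 0 Fri Dec  9 02:15:00 2022 4096 .sslvpnconfigbk
"""

if __name__ == "__main__":
    for unit, found in scan_units({"primary": PRIMARY, "standby": STANDBY}).items():
        print(unit, "->", found or "none of the listed paths present")
```

An empty result only means none of the paths named in this thread appeared in the captured listings; it does not cover the crashlog output.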
