symbolic link vulnerability

UserOne · ‎04-17-2025

Hello
Recently there was a post from Fortinet PSIRT about the symlink trick:
https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

Is there any chance to get information how to find indicators of compromise (IOC)?
I mean I can update to 7.2.11 (I am currently on 7.2.10) but the used CVE's are older and I updated the fortigate before the publication of these CVE's, so there is a small chance to be compromised.
I just want to check if the fortigate is compromised, if yes, i will reinstall it. If no, I just update to 7.2.11 and have a happy life :)

Any ideas?

fg_muc · ‎04-17-2025

Hi,

I think the best option here is to contact the official Fortinet support via ticket.
They can also identify exactly which devices are affected and how to check for IoCs (if possible).

KR Fabian

"Latency is just your network being dramatic."

View solution in original post

fg_muc · ‎04-17-2025

Hi,

I think the best option here is to contact the official Fortinet support via ticket.
They can also identify exactly which devices are affected and how to check for IoCs (if possible).

KR Fabian

"Latency is just your network being dramatic."

UserOne · ‎04-22-2025

Hi Fabian,
Yes, done via Ticket. They sadly don't give more information at the moment how to check for IoCs.
BR
Steve

AshleyCole · ‎05-04-2025

Great proactive approach! Hopefully, it's all clear after checking!

symbolic link vulnerability

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website