virus logo Virus

Riskware/ProofConceptCVE202244877

description-logoAnalysis

Riskware/ProofConceptCVE202244877 is a detection for a POC for CVE-2022-44877.
This malware has been associated with the following third party article/advisory. 

https://nvd.nist.gov/vuln/detail/CVE-2022-44877
  • Following are some of the near/exact IOCs/file hash associated with this detection:
    • Md5: 6c6b70d74e35d8625d4dbbc4ac73a4ea
      Sha256: 390e9e38e2b0401d62428aaf55955e7376f6329e829d660ae06126ca452004bf

    • description-logoOutbreak Alert

    A command injection vulnerability that allows remote attackers to easily exploit CWP (Control Web Panel) with a crafted HTTP request which can result in Remote Code Execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability can be leveraged to perform ransomware attacks or exfiltration of data.

    View the full Outbreak Alert Report

    recommended-action-logoRecommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry logoTelemetry

    Detection Availability

    FortiGate
    Extended
    FortiClient
    Extreme
    FortiAPS
    FortiAPU
    FortiMail
    Extreme
    FortiSandbox
    Extreme
    FortiWeb
    Extreme
    Web Application Firewall
    Extreme
    FortiIsolator
    Extreme
    FortiDeceptor
    Extreme
    FortiEDR

    Version Updates

    Date Version Detail
    2023-08-15 91.06054
    2023-01-18 90.09765
    ID 10120789
    Released Jan 19, 2023
    Description
    Updated    		 Jan 18, 2023
    Outbreak Alert CWP OS Command Injection
    Aliases ,,
    Platform Profile Riskware is a term for potentially unwanted or dangerous software programs that do not fall under Adware. They could be legitimate software applications that may be misused and pose possible security risks to users.