Riskware/ProofConceptCVE202244877
Analysis
Riskware/ProofConceptCVE202244877 is a detection for a proof of concept (PoC) for CVE-2022-44877.
This malware has been associated with the following third-party article/advisory:
https://nvd.nist.gov/vuln/detail/CVE-2022-44877
- MD5: 6c6b70d74e35d8625d4dbbc4ac73a4ea
- SHA256: 390e9e38e2b0401d62428aaf55955e7376f6329e829d660ae06126ca452004bf
Outbreak Alert
CVE-2022-44877 is a command injection vulnerability in CWP (Control Web Panel) that remote attackers can easily exploit with a crafted HTTP request, which can result in remote code execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability can be leveraged to perform ransomware attacks or exfiltration of data.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Detection availability
---|---
FortiGate | Extended
FortiClient | Extreme
FortiAPS |
FortiAPU |
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |