Fortinet says hackers exploited critical vulnerability to infect VPN customers

Fortinet says hackers exploited critical vulnerability to infect VPN customers

a year ago
Anonymous $_PGtSJbg8h

https://arstechnica.com/information-technology/2023/01/fortinet-says-hackers-exploited-critical-vulnerability-to-infect-vpn-customers/

An unknown threat actor abused a critical vulnerability in Fortinet’s FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in an autopsy report on Wednesday.

Tracked as ​​CVE-2022-42475, the vulnerability is a heap-based buffer overflow that allows hackers to remotely execute malicious code. It carries a severity rating of 9.8 out of a possible 10. A maker of network security software, Fortinet fixed the vulnerability in version 7.2.3 released on November 28 but failed to make any mention of the threat in the release notes it published at the time.

Last Seen
45 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
3 hours ago
Reputation
0
Spam
0.000
Last Seen
22 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
53 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
16 minutes ago
Reputation
0
Spam
0.000