
Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)

December 13, 2022

A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group.

“Fortinet is aware of an instance where this vulnerability was exploited in the wild,” the company said in an advisory published on Monday, but offered no specific details about the attack.

About CVE-2022-42475

CVE-2022-42475 is a heap-based buffer overflow vulnerability in FortiOS that “may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests” and, in general, to gain full control of vulnerable devices.

Read More on Help Net Security