A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group.
“Fortinet is aware of an instance where this vulnerability was exploited in the wild,” the company said in an advisory published on Monday, but offered no specific details about the attack.
About CVE-2022-42475
CVE-2022-42475 is a heap-based buffer overflow vulnerability in FortiOS, and “may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests” and, in general, gain full control of vulnerable devices.