Security News > 2022 > December > Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
2022-12-13 10:34
A critical RCE vulnerability in Fortinet's operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group.
FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, and 6.2.0 through 6.2.11.
FortiOS-6K7K version 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2.0 through 6.2.11, and 6.0.0 through 6.0.14.
FortiOS vulnerabilities are often exploited by attackers.
FortiOS version 7.2.3 or above, 7.0.9 or above, 6.4.11 or above, and 6.2.12 or above.
FortiOS-6K7K version 7.0.8 or above, 6.4.10 or above, 6.2.12 or above, and 6.0.15 or above.
News URL
https://www.helpnetsecurity.com/2022/12/13/cve-2022-42475/
Related news
- Apache issues patches for critical Struts 2 RCE bug (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)