Security News > 2022 > December > Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
A critical RCE vulnerability in Fortinet's operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group.
FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, and 6.2.0 through 6.2.11.
FortiOS-6K7K version 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2.0 through 6.2.11, and 6.0.0 through 6.0.14.
FortiOS vulnerabilities are often exploited by attackers.
FortiOS version 7.2.3 or above, 7.0.9 or above, 6.4.11 or above, and 6.2.12 or above.
FortiOS-6K7K version 7.0.8 or above, 6.4.10 or above, 6.2.12 or above, and 6.0.15 or above.
News URL
https://www.helpnetsecurity.com/2022/12/13/cve-2022-42475/
Related news
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Broadcom fixes critical RCE bug in VMware vCenter Server (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)