Security News > 2022 > December > Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
2022-12-13 10:34
A critical RCE vulnerability in Fortinet's operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group.
FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, and 6.2.0 through 6.2.11.
FortiOS-6K7K version 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2.0 through 6.2.11, and 6.0.0 through 6.0.14.
FortiOS vulnerabilities are often exploited by attackers.
FortiOS version 7.2.3 or above, 7.0.9 or above, 6.4.11 or above, and 6.2.12 or above.
FortiOS-6K7K version 7.0.8 or above, 6.4.10 or above, 6.2.12 or above, and 6.0.15 or above.
News URL
https://www.helpnetsecurity.com/2022/12/13/cve-2022-42475/
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)