Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets.
The security flaw abused in these incidents is a heap-based buffer overflow weakness found in the FortiOS SSLVPNd that allowed unauthenticated attackers to crash targeted devices remotely or gain remote code execution.
This Wednesday, Fortinet published a follow-up report revealing that attackers were using CVE-2022-42475 exploits to compromise FortiOS SSL-VPN appliances and deploy malware disguised as a trojanized version of the IPS Engine.
The company said the threat actor's attacks were highly targeted, with evidence found during analysis showing a focus on government networks.
The attackers were heavily focused on maintaining persistence and evading detection by using the vulnerability to install malware that patches FortiOS logging processes so that specific log entries could be removed, or to even kill the logging processes if necessary.
Fortinet also advised customers to immediately upgrade to a patched version of FortiOS to block attack attempts and to contact Fortinet support if they find indicators of compromise linked to the December attacks.
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials
- Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
- Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
- Fortinet VPN design flaw hides successful brute-force attacks
- Hackers exploit critical bug in Array Networks SSL VPN products
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-01-02 | CVE-2022-42475 | Out-of-bounds Write vulnerability in Fortinet FortiOS: a heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier, and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier, may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. | 9.8
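A defender-side check against the version ranges listed in the table, added here as an example and not code from the article or from Fortinet: it parses a FortiOS or FortiProxy version string, optionally pulled from captured `get system status` output (the layout of its `Version:` line is assumed, and the sample output is constructed), and reports whether the firmware falls inside a range affected by CVE-2022-42475.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges copied from the CVE-2022-42475 entry above (inclusive);
# a low bound of None encodes "and earlier".
AFFECTED = {
    "fortios": [
        ((7, 2, 0), (7, 2, 2)),
        ((7, 0, 0), (7, 0, 8)),
        ((6, 4, 0), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11)),
        (None, (6, 0, 15)),
    ],
    "fortiproxy": [
        ((7, 2, 0), (7, 2, 1)),
        (None, (7, 0, 7)),
    ],
}

# Assumed layout of the "Version:" line printed by `get system status`.
_VERSION_LINE = re.compile(r"^\s*Version:\s*\S+\s+v(?P<ver>\d+\.\d+\.\d+)", re.M)


def parse_version(ver: str) -> Version:
    """'7.0.8' or 'v7.0.8,build0418' -> (7, 0, 8); build suffixes are ignored."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", ver.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {ver!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(product: str, ver: str) -> bool:
    """True if `ver` of `product` ('fortios' or 'fortiproxy') lies in a listed range."""
    v = parse_version(ver)
    return any((low is None or low <= v) and v <= high
               for low, high in AFFECTED[product.lower()])


def version_from_status(text: str) -> Optional[str]:
    """Extract the firmware version from captured `get system status` output."""
    m = _VERSION_LINE.search(text)
    return m.group("ver") if m else None


# Constructed sample of CLI output; the model name and build are placeholders.
SAMPLE_STATUS = "Version: FortiGate-100F v7.0.8,build0418,221207 (GA.F)\nHostname: fw-placeholder\n"
```

Feed each appliance's `get system status` capture through `version_from_status` and then `is_affected` to build an upgrade list; a True result means the device should be patched and reviewed for the indicators the advisory describes.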