Fortinet Security Gear Victim of Critical Vulnerability

Fortinet has announced that CVE-2022-42475, a vulnerability discovered last month in its FortiOS operating system, has been exploited by remote attackers without authentication. It is rated 9.3/10 on the Common Vulnerability Scoring System (CVSS) scale.

The affected FortiOS versions range from 6.0.5 to 7.2.1. These versions run on the FG100F, FG101F, FG200D, FG200E, FG201F, FG240D, FG3H0E, FG5H0E, FG6H1E, FG800D, FGT5HD, FGT60F and FGT80F models.

To carry out their zero-day attack, the attackers copied a malicious version of the FortiOS IPS into the file system. “If libps.bak in the /data/lib directory is named libips.so, malicious code will automatically run because FortiOS components call these exported functions,” says Fortinet in a security notice. The malware patches FortiOS logging processes and manipulates or destroys logs to evade detection.

The vendor states that an update is available and should be installed as soon as possible. Customers who cannot deploy it immediately are advised to completely disable SSL VPN on their devices. Fortinet has also released an intrusion prevention system (IPS) signature to detect exploit attempts, as well as detection rules for its antivirus engine.

Juliet Ingram
