In December network security vendor Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details about a sophisticated malware implant that those attackers deployed through the flaw.
Based on currently available information, the original zero-day attack was highly targeted to government-related entities. However, since the vulnerability has been known for over a month, all customers should patch it as soon as possible as more attackers could start using it.
The vulnerability, tracked as CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.
