Fortinet warns VPN users targeted by critical vulnerability


Hackers are actively targeting government organizations with malware and trojans, using known vulnerabilities in Fortinet VPN appliances. 

This is according to Fortinet itself, which published a security advisory earlier this week, urging users to deploy the patch immediately. The flaw is tracked as CVE-2022-42475, and is described as a heap-based buffer overflow in the FortiOS SSLVPN. It allows abusers to both crash the vulnerable endpoint, and use it to gain remote code execution (RCE) abilities.

The patch has been available since late November last year. FortiOS 7.2.3 fixes the issue.

Highly targeted attacks

This is not the first time Fortinet has urged users to apply this specific patch; it also issued a warning in mid-December 2022. This time around, Fortinet warned its customers that the flaw was being used to deploy a trojanized version of the IPS engine.

"The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," the warning reads. "The discovered Windows sample attributed to the attacker displayed artifacts of having been compiled on a machine in the UTC+8 timezone, which includes Australia, China, Russia, Singapore, and other Eastern Asian countries."

Threat actors put considerable effort into staying hidden after compromising the endpoint.

Some of the malware installed on FortiOS patches the logging process, allowing attackers to remove specific log entries and thus erase any evidence of their existence. Furthermore, they’ve been installing malware that tampers with the endpoints’ Intrusion Prevention System (IPS) as well.

"The malware patches the logging processes of FortiOS to manipulate logs to evade detection," Fortinet said. "The malware can manipulate log files. It searches for elog files, which are logs of events in FortiOS. After decompressing them in memory, it searches for a string the attacker specifies, deletes it, and reconstructs the logs."

The best way to protect your premises from these attacks is to make sure your FortiOS is updated. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
