Patch Now: Forti-OS Security Update for CVE-2022-42475
A critical heap overflow vulnerability in Fortinet FortiOS SSL VPN (CVE-2022-42475) was disclosed in December. Exploitation results in unauthenticated remote code execution via crafted requests. The flaw was observed being exploited to attack a Managed Service Provider, amongst other victims. In the cases examined by Mandiant, exploitation led to a BOLDMOVE malware infection on, and specifically designed for, Fortinet firewalls.
CISA warned of active exploitation of the flaw in December 2022 and encouraged application of the security update. Mandiant’s research concluded that exploitation could have been occurring as early as October of 2022. This Fortinet PSIRT is a PATCH NOW situation.
Read more here: https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw
-Kaseya Vulnerability Management Team