Fortinet warns VPN users targeted by critical vulnerability

Hackers actively target government organizations with malware and Trojans, using known vulnerabilities in Fortinet VPN (Opens in a new tab) hardware.

This is according to Fortinet itself, which posted a security warning earlier this week, urging users to deploy the patch immediately. The flaw is tracked as CVE-2022-42475, and is described as a heap-based buffer overrun in FortiOS SSLVPN. Allows abusers to disable a compromised endpoint and use it to gain remote code execution (RCE) capabilities.

Leave a Comment