Active exploitation of the Fortinet pre-auth RCE vulnerability

Threat Level – Red | Vulnerability Report

Fortinet has addressed a critical security flaw in its FortiOS SSL-VPN product that is being actively exploited in the wild. The flaw, tracked as CVE-2022-42475, is a heap-based buffer overflow caused by a boundary error in the FortiOS sslvpnd daemon. Successful exploitation could allow a remote, unauthenticated attacker to crash the device and potentially execute arbitrary code.
