A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental or government-related targets, the company has shared. Fortinet says the attackers have advanced capabilities: they were able to reverse-engineer various parts of FortiOS to help them with the creation of the exploit, and use a Linux-based implant that was custom-made to run on that operating system. They also pointed out that … More
The post FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475) appeared first on Help Net Security.
