News item | 12-12-2022 | 7:16 p.m.
Fortinet has identified a critical vulnerability in the SSL VPN functionality of FortiOS. The NCSC recommends installing the security updates as soon as they become available.
Fortinet has also shared Indicators of Compromise (IoCs) that organizations can use to determine whether their systems have been compromised. We recommend checking your systems for the presence of these IoCs. For more information, please refer to the NCSC Security Advisory (rated High/High) and the Fortinet advisory. The latter also contains an overview of the affected versions.
The vulnerability has been assigned the identifier CVE-2022-42475. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on a vulnerable system, thereby compromising the security of the company's network. The attacker does not need prior access to the system to do so.
Fortinet is aware of one instance in which this vulnerability has been exploited. The NCSC expects the vulnerability to be exploited more frequently. History shows that VPN interfaces are a favorite target of malicious parties. These systems are generally located at the edge of a company's network and are used to give remote users access to internal applications over the Internet. Vulnerabilities in VPN interfaces can therefore serve as a starting point for network infiltration, after which other systems can be compromised as well. Depending on the situation, an attacker could, for example, gain access to sensitive information or launch a ransomware attack in this way.