Source |
CSO |
Identifiant |
8300961 |
Date de publication |
2023-01-13 12:01:00 (vue: 2023-01-13 21:06:08) |
Titre |
Attackers deploy sophisticated Linux implant on Fortinet network security devices |
Texte |
In December network security vendor Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details about a sophisticated malware implant that those attackers deployed through the flaw.Based on currently available information, the original zero-day attack was highly targeted to government-related entities. However, since the vulnerability has been known for over a month, all customers should patch it as soon as possible as more attackers could start using it.Remote code execution in FortiOS SSL-VPN
The vulnerability, tracked as CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
2022 42475 about additional after all analysis arbitrary article attack attackers authentication available based been being can click code commands company could critical currently customers cve day december deploy deployed details devices disclosed entities execution exploitation exploited flaw fortinet fortios full functionality government has here highly however implant information its known linux malware month more network operating original over patch please possible read related released remote result security should since soon sophisticated ssl start successful system targeted those through tracked using vendor vpn vulnerability week wild without zero |
Tags |
Malware
Vulnerability
|
Stories |
|
Notes |
★★★
|
Move |
|