Fortinet warns VPN users targeted by critical vulnerability

By Scott Marlette Last updated Jan 13, 2023

Hackers are actively targeting government organizations with malware and trojans, using known vulnerabilities in Fortinet VPN (opens in new tab) appliances.

This is according to Fortinet itself, which published a security advisory earlier this week, urging users to deploy the patch immediately. The flaw is tracked as CVE-2022-42475, and is described as a heap-based buffer overflow in the FortiOS SSLVPN. It allows abusers to both crash the vulnerable endpoint, and use it to gain remote code execution (RCE) abilities.

The patch has been available since late November last year. FortiOS 7.2.3 fixes the issue.

Highly targeted attacks

This is not the first time Fortinet has urged users to apply this specifc patch – it also issued a warning in mid-December 2022. This time around, Fortinet warned its customers that the flaw was being used to deploy a trojanized version of the PIS engine.

“The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets,” the warning reads. “The discovered Windows sample attributed to the attacker displayed artifacts of having been compiled on a machine in the UTC+8 timezone, which includes Australia, China, Russia, Singapore, and other Eastern Asian countries.”

threat actors put quite an effort into making sure they stay hidden, after compromising the endpoint.

Some of the malware installed on FortiOS patches the logging process, allowing attackers to remove specific log entries and thus erase any evidence of their existence. Furthermore, they’ve been installing malware that tampers with the endpoints’ Intrusion Prevention System (IPS) as well.

“The malware patches the logging processes of FortiOS to manipulate logs to evade detection,” Fortinet said. “The malware can manipulate log files. It searches for elog files, which are logs of events in FortiOS. After decompressing them in memory, it searches for a string the attacker specifies, deletes it, and reconstructs the logs.”

The best way to protect your premises from these attacks is to make sure your FortiOS is updated.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.