Severe Vulnerability Found in Fortinet SSL VPN
Fortinet has fixed a serious vulnerability in FortiOS SSL VPN functionality. The NCSC recommends installing the security updates that have been made available as soon as possible.
Fortinet has also shared Indicators of Compromise (IoCs) that organizations can use to determine whether their systems have been compromised. We recommend checking your systems for the presence of these IoCs. For more information, please refer to the NCSC security advisory with grading High/High and the advisory from Fortinet. The latter also includes an overview of the affected versions.
The vulnerability has been assigned the identifier CVE-2022-42475. Exploiting the vulnerability could allow an attacker to execute arbitrary code on the vulnerable system, which compromises the security of the company network. The attacker does not need to be logged in to do this.
Fortinet is aware of one case where this vulnerability has been exploited. The NCSC expects the vulnerability to be exploited more often. History shows that VPN interfaces are a favorite target for abuse by malicious parties. These systems are generally located at the edge of a company network, where they allow remote users to access internal applications over the Internet. Vulnerabilities in VPN interfaces can therefore provide a starting point for penetrating a network, potentially compromising other systems as well. Depending on the situation, an attacker can, for example, gain access to sensitive information or carry out a ransomware attack in this way.