CVE-2022-42475

Vulnerability Profile Updated a month ago
CVE-2022-42475 is a critical heap-based buffer overflow in the SSL-VPN daemon (sslvpnd) of Fortinet FortiOS and FortiProxy. It lets an unauthenticated remote attacker execute arbitrary code on the appliance by sending specially crafted requests to the SSL-VPN interface, and it is present in multiple release branches of both products. Fortinet disclosed it in December 2022 as a zero-day it had found while investigating an incident on a customer FortiGate, and stated at the time that it was aware of at least one case of exploitation in the wild.

Exploitation has since been attributed to several groups. In January 2023, Mandiant published a report on a suspected China-nexus espionage campaign that had exploited the flaw as early as October 2022; the researchers traced the activity through a Linux implant tied to the vulnerability that had been uploaded to a public malware repository in December 2022. Whether that actor is the same one behind the intrusion Fortinet analysed in early January 2023, in which the vulnerability was used to install a Linux implant on compromised firewalls, has not been established. Other advanced persistent threat (APT) groups have also used the flaw to gain a foothold on targeted organizations' Fortinet firewall devices.

In September 2023, US Cyber Command's Cyber National Mission Force, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued joint advisory AA23-250A warning that multiple nation-state actors had exploited CVE-2022-47966 in Zoho ManageEngine ServiceDesk Plus and CVE-2022-42475 in Fortinet firewalls to compromise an aeronautical-sector organization. In February 2024 the Dutch military and general intelligence services reported that Chinese state actors had exploited the vulnerability on a FortiGate appliance to reach a standalone, unclassified research and development network of the Dutch Ministry of Defence, where they deployed the Coathanger remote access Trojan (RAT), a stealthy and persistent implant.
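The two checks a defender needs first for this CVE are whether a given FortiOS or FortiProxy build falls inside the vulnerable ranges and whether the SSL-VPN daemon has been crashing, since the vendor advisory lists sslvpnd "Application crashed" / signal 11 event-log entries as an indicator. The helpers below are an added example written for this page, not code from Fortinet or from the original profile. The affected-version table is transcribed from memory of the vendor advisory and must be verified against the current advisory before a verdict is acted on; the status line and log lines are constructed for the example, and the `assess`, `assess_status_line` and `sslvpnd_crashes` names are this example's own.

```python
"""Triage helpers for CVE-2022-42475 (heap overflow in FortiOS / FortiProxy SSL-VPN).

Added example, not code from the original page or from Fortinet.
ASSUMPTION: the affected-version table is transcribed from memory of the vendor's
PSIRT advisory for this CVE; verify it against the current advisory before
acting on a verdict. The status and log lines below are constructed sample data.
"""
import re

# Highest vulnerable patch level per release branch; the fix is the next patch.
# ASSUMPTION: check these against the vendor advisory. FortiOS-6K7K builds have
# their own ranges and are deliberately not covered here.
LAST_VULNERABLE_PATCH = {
    "FortiOS":    {(7, 2): 2, (7, 0): 8, (6, 4): 10, (6, 2): 11, (6, 0): 15},
    "FortiProxy": {(7, 2): 1, (7, 0): 7, (2, 0): 11},
}
# Branches that were end-of-life at disclosure: every release is vulnerable, migrate.
EOL_BRANCHES = {"FortiOS": set(), "FortiProxy": {(1, 1), (1, 2)}}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """'v7.0.8,build0418' -> (7, 0, 8); raises ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(product, version):
    """Return 'affected', 'fixed' or 'unknown' for a product/version pair.

    'unknown' means the release branch is not in the table at all (for example a
    branch older than anything listed); treat that as a prompt to read the
    advisory, not as a clean result.
    """
    if product not in LAST_VULNERABLE_PATCH:
        raise ValueError(f"unknown product: {product}")
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in EOL_BRANCHES[product]:
        return "affected"
    last_bad = LAST_VULNERABLE_PATCH[product].get(branch)
    if last_bad is None:
        return "unknown"
    return "affected" if patch <= last_bad else "fixed"


# Shaped like the 'Version:' line printed by `get system status` on a FortiGate.
_STATUS_RE = re.compile(r"Version:\s*(FortiGate|FortiProxy)\S*\s+v?(\d+\.\d+\.\d+)")


def assess_status_line(line):
    """Map a `get system status` Version line to (product, version, verdict)."""
    m = _STATUS_RE.search(line)
    if not m:
        raise ValueError(f"no Version line found in: {line!r}")
    product = "FortiOS" if m.group(1) == "FortiGate" else "FortiProxy"
    version = m.group(2)
    return product, version, assess(product, version)


# The advisory points at sslvpnd crash entries (signal 11) as an indicator. A
# crash usually means a failed or unstable exploitation attempt; a successful
# exploit need not crash the daemon, so an empty result is not a clean bill.
_CRASH_RE = re.compile(
    r'logdesc="Application crashed".*application:\s*sslvpnd\b.*Signal 11 received',
    re.IGNORECASE,
)


def sslvpnd_crashes(log_lines):
    """Return the event-log lines that record an sslvpnd segfault."""
    return [line for line in log_lines if _CRASH_RE.search(line)]


# Constructed sample data for this example (not real device output).
SAMPLE_STATUS = "Version: FortiGate-100F v7.0.8,build0418,221116 (GA.F)"
SAMPLE_LOGS = [
    'date=2022-12-01 time=03:14:07 type="event" subtype="system" level="alert" '
    'logdesc="Application crashed" msg="Pid: 12867, application: sslvpnd, '
    'Firmware: FortiGate-100F v7.0.8, Signal 11 received, Backtrace: [0x00431a7c]"',
    'date=2022-12-01 time=03:14:09 type="event" subtype="system" level="notice" '
    'logdesc="Application restarted" msg="sslvpnd restarted"',
    'date=2022-12-01 time=03:20:11 type="event" subtype="system" level="alert" '
    'logdesc="Application crashed" msg="Pid: 4411, application: httpsd, '
    'Signal 11 received, Backtrace: [0x0040c1d0]"',
]

if __name__ == "__main__":
    print(assess_status_line(SAMPLE_STATUS))  # ('FortiOS', '7.0.8', 'affected')
    for hit in sslvpnd_crashes(SAMPLE_LOGS):
        print("sslvpnd crash:", hit)
```

The tri-state verdict is deliberate: a branch missing from the table is reported as unknown rather than fixed, because an older or specialised build (such as FortiOS-6K7K) is not evidence of safety. The crash check only surfaces noisy attempts; a device that matches an affected version should be treated as potentially compromised and examined for the file-system indicators in the vendor advisory regardless of what the event log shows.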
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability, Exploit, FortiOS, Chinese, ManageEngine, Fortinet, Mandiant, VPN, FortiGate, exploited, Espionage, CISA, Remote Code ..., Zero Day, FortiProxy, Implant, Linux, Malware, APT
Associated Malware
Coathanger (is related to; 2 votes): Coathanger is a stealthy and persistent malware, discovered by the Dutch intelligence and security services, used by Chinese state hackers to infiltrate and exploit FortiGate systems. The initial intrusion began with the exploitation of CVE-2022-42475, the FortiOS SSL-VPN vulnerability. According to a report issu
Conti (unspecified; 1 vote): Conti is a ransomware family known for disrupting operations, stealing personal information and holding data hostage for ransom. The malware infiltrates systems via suspicious downloads, emails or websites, often without the user noticing. It has been used in
Associated Threat Actors
Volt Typhoon (unspecified; 1 vote): Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra
Associated Vulnerabilities
CVE-2022-47966 (unspecified; 2 votes): CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of
Follina (unspecified; 2 votes): Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou
CVE-2022-24682 (unspecified; 1 vote): no description
Source Document References
Information about the CVE-2022-42475 vulnerability was read from the documents in the corpus below (display limited to 20 results).
InfoSecurity-magazine (a month ago): Chinese FortiGate Espionage Campaign Snares 20,000+ Victims
BankInfoSecurity (a month ago): Dutch Agency Renews Warning of Chinese Fortigate Campaign
DARKReading (4 months ago): Fortinet Warns of Yet Another Critical RCE Flaw
CERT-EU (5 months ago): Sensor Intel Series: Top CVEs in December 2023
Checkpoint (5 months ago): 12th February – Threat Intelligence Report - Check Point Research
CISA (5 months ago): PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure | CISA
InfoSecurity-magazine (6 months ago): Chinese Spies Hack Dutch Networks With Novel Coathanger Malware
Securityaffairs (6 months ago): China-linked APT deployed malware in a network of the Dutch Ministry of Defence
BankInfoSecurity (6 months ago): Chinese Hackers Penetrated Unclassified Dutch Network
CERT-EU (7 months ago): Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU (7 months ago): Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (8 months ago): Sensor Intel Series: Top CVEs in October 2023
CERT-EU (10 months ago): Sensor Intel Series: Top CVEs in August 2023 | F5 Labs
BankInfoSecurity (10 months ago): Feds Warn Health Sector of Lazarus Group Attacks
DARKReading (10 months ago): Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
Checkpoint (a year ago): 11th September – Threat Intelligence Report - Check Point Research
CERT-EU (a year ago): Google warns infoseccers getting N Korea's attention again
CERT-EU (a year ago): APTs hit aeronautic firms with Zoho and Fortinet bugs
CERT-EU (a year ago): SafeBreach Coverage for US-CERT Alert AA23-250A
CERT-EU (a year ago): Aviation sector organization hit by exploit of CVE duo | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting