CVE-2022-42475

Vulnerability updated 5 months ago (2024-06-12T10:17:32.282Z)
CVE-2022-42475 is a critical zero-day vulnerability in FortiGate firewalls that the vendor discovered during an incident investigation. It is a heap-based buffer overflow in the FortiOS SSL-VPN component that allows an unauthenticated attacker to execute arbitrary code on affected systems, and it is present in multiple versions of Fortinet's FortiOS and FortiProxy. The discovery was made when the vendor's researchers found malware tied to this vulnerability in a public repository in December. Attackers exploited the vulnerability to gain access to an unclassified military research network, and Chinese spies reportedly used it against FortiGate appliances to deploy the Coathanger remote access Trojan (RAT) on Dutch defense networks. Other advanced persistent threat (APT) groups also exploited the flaw to establish a presence on targeted organizations' Fortinet firewall devices. US Cyber Command's Cyber National Mission Force, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a joint security alert warning that multiple government-backed hackers exploit vulnerabilities in Zoho ManageEngine ServiceDesk Plus and Fortinet firewalls to compromise targeted organizations. Researchers have published a report on a suspected China-nexus espionage campaign that exploited the FortiOS SSL-VPN vulnerability as early as October 2022. It remains unclear whether that threat actor is tied to another intrusion group observed exploiting the same vulnerability in early January to install a Linux implant.
Description last updated: 2024-06-12T10:15:39.487Z
Aliases: none currently tracked.
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Vulnerability, Exploit, Fortios, Fortinet, Manageengine, Chinese, Mandiant, exploited, Vpn, Fortigate
Associated Malware
Coathanger (association type: is related to; votes: 2). Coathanger is a stealthy and persistent malware, discovered by Dutch intelligence and security services, used by Chinese hackers to infiltrate and exploit FortiGate systems. The initial intrusion began with the exploitation of CVE-2022-42475, a vulnerability in the system. According to a report issu

Conti (association type: has used; votes: 2). Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. Often spreading through suspicious downloads, emails, or websites, it can steal personal information, disrupt operations, or hold data hostage for ransom. Notably, Conti was linked to several ra
Associated Vulnerabilities
CVE-2022-47966 (association type: unspecified; votes: 2). CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of

Follina (association type: unspecified; votes: 2). Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product,
Source Document References
Information about the CVE-2022-42475 vulnerability was read from the following source documents (display limited to 20 results; source and age at time of capture):
BankInfoSecurity, 2 months ago
ESET, 2 months ago
InfoSecurity-magazine, 5 months ago
BankInfoSecurity, 5 months ago
DARKReading, 8 months ago
CERT-EU, 9 months ago
Checkpoint, 9 months ago
CISA, 9 months ago
InfoSecurity-magazine, 9 months ago
Securityaffairs, 9 months ago
BankInfoSecurity, 9 months ago
CERT-EU, 10 months ago
CERT-EU, 10 months ago
CERT-EU, a year ago
CERT-EU, a year ago
BankInfoSecurity, a year ago
DARKReading, a year ago
Checkpoint, a year ago
CERT-EU, a year ago
CERT-EU, a year ago