CVE-2022-42475

Vulnerability Profile Updated 6 days ago
CVE-2022-42475 is a critical zero-day vulnerability in FortiGate firewalls, discovered by the vendor during an incident investigation. It is a heap-based buffer overflow in the FortiOS SSL-VPN component that allows an unauthenticated attacker to execute arbitrary code on affected systems, and it is present in multiple versions of Fortinet's FortiOS and FortiProxy. The vendor's researchers became aware of it after finding malware tied to the vulnerability in a public repository in December. Attackers exploited the flaw to gain access to an unclassified military research network, and Chinese spies reportedly used it against FortiGate appliances to deploy the Coathanger remote access Trojan (RAT) on Dutch defense networks. Other advanced persistent threat (APT) groups also exploited the vulnerability to establish a presence on targeted organizations' Fortinet firewall devices. US Cyber Command's Cyber National Mission Force, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a joint security alert warning that multiple government-backed hackers exploit vulnerabilities in Zoho ManageEngine ServiceDesk Plus and Fortinet firewalls to compromise targeted organizations. Researchers have published a report on a suspected China-nexus espionage campaign that exploited the FortiOS SSL-VPN vulnerability as early as October 2022. It remains unclear whether that threat actor is tied to another intrusion group observed exploiting the same vulnerability in early January to install a Linux implant.
Possible Aliases / Cluster Overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so this section lists possible overlapping names and profiles that may also be worth reviewing.
ID | Votes | Profile Description
(no entries listed)
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance:
Vulnerability, Exploit, FortiOS, Fortinet, ManageEngine, Chinese, FortiGate, VPN, exploited, Mandiant, Linux, Malware, Implant, Espionage, Remote Code ..., CISA, APT, Zero Day, FortiProxy
Associated Malware
ID | Type | Votes | Profile Description
Coathanger | is related to | 2 | Coathanger is a stealthy and persistent malware, discovered by Dutch intelligence and security services, used by Chinese hackers to infiltrate and exploit FortiGate systems. The initial intrusion began with the exploitation of CVE-2022-42475, a vulnerability in the system. According to a report issu
Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, that was used to exploit and damage computer systems. This malicious software could infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it could steal personal information, disrupt ope
Associated Threat Actors
ID | Type | Votes | Profile Description
Volt Typhoon | Unspecified | 1 | Volt Typhoon, a China-linked Advanced Persistent Threat (APT) group, has been identified as a significant threat actor in the realm of cybersecurity. Known for their strong operational security and obfuscation techniques, Volt Typhoon has managed to remain undetected within US infrastructure for sev
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Follina | Unspecified | 2 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou
CVE-2022-47966 | Unspecified | 2 | CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of
CVE-2022-24682 | Unspecified | 1 | None
Source Document References
Information about the CVE-2022-42475 vulnerability was read from the document corpus below (display limited to 20 results).
Source | Created | Title
Securityaffairs | 9 months ago | Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns
CERT-EU | 5 months ago | Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
DARKReading | 3 months ago | Fortinet Warns of Yet Another Critical RCE Flaw
CSO Online | a year ago | 55 zero-day flaws exploited last year show the importance of security risk management
Securityaffairs | a year ago | 2022 Zero-Day exploitation continues at a worrisome pace
DARKReading | 9 months ago | Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
InfoSecurity-magazine | 4 months ago | Chinese Spies Hack Dutch Networks With Novel Coathanger Malware
BankInfoSecurity | 6 days ago | Dutch Agency Renews Warning of Chinese Fortigate Campaign
CERT-EU | 9 months ago | Aviation sector organization hit by exploit of CVE duo | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 9 months ago | APTs hit aeronautic firms with Zoho and Fortinet bugs
CERT-EU | 9 months ago | Cyber Security Week in Review: September 8, 2023
CERT-EU | 9 months ago | SafeBreach Coverage for US-CERT Alert AA23-250A
CERT-EU | 9 months ago | CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
CERT-EU | 9 months ago | Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 – Cybersafe NV
DARKReading | a year ago | Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products
CERT-EU | 9 months ago | Google warns infoseccers getting N Korea's attention again
CERT-EU | 4 months ago | Sensor Intel Series: Top CVEs in December 2023
CISA | 9 months ago | MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA
BruCERT | a year ago | Critical Vulnerability in FortiOS SSL-VPN Targeting Governments | BruCERT
Checkpoint | 4 months ago | 12th February – Threat Intelligence Report - Check Point Research