CVE-2022-42475

Vulnerability updated 7 days ago (2024-11-29T14:18:36.099Z)
Download STIX
Preview STIX
The critical zero-day vulnerability, CVE-2022-42475, was discovered in FortiGate firewalls during an incident investigation by the vendor. This flaw in software design or implementation allows an unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability is present in multiple versions of Fortinet's FortiOS and FortiProxy technologies. The discovery was made when researchers from the company found malware tied to this vulnerability in a public repository in December. The vulnerability was exploited by attackers aiming at accessing an unclassified military research network. It was reported that Chinese spies used the vulnerability in FortiGate appliances to deploy the Coathanger remote access Trojan (RAT) on Dutch defense networks. Other advanced persistent threat (APT) groups also exploited this heap-based buffer overflow vulnerability in FortiOS SSL-VPN to establish presence on targeted organizations' Fortinet firewall devices. US Cyber Command’s Cyber National Mission Force, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation released a joint security alert warning that multiple government-backed hackers exploit vulnerabilities in Zoho ManageEngine ServiceDesk Plus and Fortinet firewalls to compromise targeted organizations. Researchers have published a report on a suspected China-nexus espionage campaign exploiting the FortiOS SSL-VPN vulnerability as early as October 2022. It remains unclear if the threat actor is tied to another intrusion group that was observed exploiting the same vulnerability in early January to install a Linux implant.
Description last updated: 2024-06-12T10:15:39.487Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
Fortios
Fortinet
Manageengine
Chinese
Mandiant
exploited
Vpn
Fortigate
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Coathanger Malware is associated with CVE-2022-42475. Coathanger is a stealthy and persistent malware, discovered by Dutch intelligence and security services, used by Chinese hackers to infiltrate and exploit FortiGate systems. The initial intrusion began with the exploitation of CVE-2022-42475, a vulnerability in the system. According to a report issuis related to
2
The Conti Malware is associated with CVE-2022-42475. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personahas used
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2022-47966 Vulnerability is associated with CVE-2022-42475. CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-ofUnspecified
2
The Follina Vulnerability is associated with CVE-2022-42475. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product,Unspecified
2
Source Document References
Information about the CVE-2022-42475 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
BankInfoSecurity
3 months ago
ESET
3 months ago
InfoSecurity-magazine
6 months ago
BankInfoSecurity
6 months ago
DARKReading
9 months ago
CERT-EU
10 months ago
Checkpoint
10 months ago
CISA
10 months ago
InfoSecurity-magazine
10 months ago
Securityaffairs
10 months ago
BankInfoSecurity
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
DARKReading
a year ago
Checkpoint
a year ago
CERT-EU
a year ago
CERT-EU
a year ago