Fortinet warned organizations on Wednesday that APTs linked to China and other countries have been exploiting two known FortiOS vulnerabilities in attacks aimed at various sectors, including critical infrastructure.
One of the exploited vulnerabilities is CVE-2022-42475, which Fortinet patched in December 2022, when it warned that it had been aware of in-the-wild exploitation. Chinese threat actors had exploited the flaw as a zero-day in attacks aimed at government and other types of organizations.
The second vulnerability described in Fortinet’s new warning is CVE-2023-27997, which came to light in June 2023, when the cybersecurity firm informed customers that it had been exploited as a zero-day in limited attacks.
[...]
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks
-
rbc
- President
- Posts: 285
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks
Robert B. Carleton + ISC2 Central Mississippi President