A zero-day vulnerability in FortiOS SSL-VPN was exploited by "unknown actors" 
in attacks targeting the government and other government-related organizations.
It's a heap-based buffer overflow flaw that allows hackers to remotely execute malicious code.
Fortinet didn’t disclose the vulnerability until December 12, when it warned that the vulnerability was under active exploit against at least one of its customers.
Sources:
thehackernews.com
www.helpnetsecurity.com
arstechnica.com
in attacks targeting the government and other government-related organizations.It's a heap-based buffer overflow flaw that allows hackers to remotely execute malicious code.
Fortinet didn’t disclose the vulnerability until December 12, when it warned that the vulnerability was under active exploit against at least one of its customers.
Sources:
FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
A vulnerability in FortiOS SSL-VPN was exploited by hackers as a zero-day to attack government agencies and large organizations before Fortinet fixed
thehackernews.com
FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475) - Help Net Security
CVE-2022-42475 has been exploited by attackers to compromise governmental or government-related targets, the company has shared.
www.helpnetsecurity.com
Fortinet says hackers exploited critical vulnerability to infect VPN customers
Remote code-execution bug was exploited to backdoor vulnerable servers.
arstechnica.com
