Fortinet Urges Customers to Patch Actively Exploited SSL-VPN Vulnerability
Threat actor leak reveals new Uber breach, Recently leaked Twitter data is from 2021, LockBit hits California finance department, Rackspace hit with two lawsuits over recent ransomware attack, more
Check out my latest CSO column, which examines whether robots are too insecure for lethal use by law enforcement.
Cybersecurity company Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices.
First discovered by French cybersecurity company Olympe Cyberdéfense, the flaw (CVE-2022-42475) is a heap-based buffer overflow bug in FortiOS sslvpnd. When exploited, the flaw could allow unauthenticated users to crash devices remotely and perform code execution.
Olympe Cyberdefense suggests that if customers cannot patch the flaw, they should monitor logs, disable the VPN-SSL functionality, and create access rules to limit connections from specific IP addresses. (Lawrence Abrams / Bleeping Computer)
Related: Tenable Blog, Rapid7, Security Affairs, Security Week, Bleeping Computer, US-CERT Current, Decipher, Sensors Tech Forum, The Cyber Express, Cyber Kendra, The Stack, Fortigua…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.