Fortinet FortiOS SSL-VPN Flaw Was Exploited to Infect Government Systems
Fortinet says that an unknown threat actor exploited a critical flaw in its FortiOS SSL-VPN to infect systems at government and government-related organizations. Fortinet released a fix for the heap-based buffer overflow vulnerability (CVE-2022-42475) late last year. FortiOS SSL-VPN version 7.2.8 was released at the end of November; Fortinet published an advisory on December 12. …