Zero-day vulnerablity in FortiOS SSL VPN

A zero-day vulnerability in FortiOS SSL VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations.”

“The attacks entailed the exploitation of CVE-2022-42475, a heap-based buffer overflow flaw that could enable an unauthenticated remote attacker to execute arbitrary code via specifically crafted requests.”