A critical zero-day vulnerability was found in multiple versions of Fortinet’s FortiOS SSL-VPN. CVE-2022-42475 was given a 9.3 on the common vulnerability scoring system and has been exploited in the wild at least once.
• Fortinet has released a patch for a critical zero-day security vulnerability affecting its FortiOS SSL-VPN product.
• The vulnerability could lead to remote code execution and is actively exploited.
• Fortinet urges customers to patch immediately.