Project Hyphae
Search

New FortiOS SSL-VPN vulnerability

Share This Post

Fortinet released PSIRT Advisory on December 12, 2022 for its FortiOS SSL-VPN summarizing a vulnerability that could potentially allow for remote code execution and crash devices. This vulnerability has a CVSSv3 score of 9.3 and is being actively exploited. Users should update FortiOS devices to address.

Additionally, Fortinet has released IOCs seen in this attack. If you can’t update (or even if you have), be sure to threat hunt to make sure you have not been a target.

Multiple log entries with:
Logdesc=”Application crashed” and msg=”[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]“

Presence of the following artifacts in the filesystem:
/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

Connections to suspicious IP addresses from the FortiGate:
188.34.130[.]40:444
103.131.189[.]143:30080,30081,30443,20443
192.36.119[.]61:8443,444
172.247.168[.]153:8033

Additional Resources:
https://www.bleepingcomputer.com/news/security/fortinet-says-ssl-vpn-pre-auth-rce-bug-is-exploited-in-attacks/
https://www.opencve.io/cve/CVE-2022-35843



Reach out to our incident response team for help

More To Explore
Threats

Mini Shai-Hulud: The Worm That Ate npm

Fear Is the Dependency Killer. The “Mini Shai-Hulud” attack highlights how modern software supply chain threats are evolving beyond stolen developer credentials into direct compromise

Ben Hall May 12, 2026

Information Security News – 5/11/26

Hackers Steal Students’ Data During Breach at Education Tech Giant Instructure Article Link: https://techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-  tech-giant-instructure/ DigiCert Revokes Certificates After Support Portal Hack Article Link: https://www.securityweek.com/digicert-revokes-certificates-after-support-portal-hack/

Aaron Rhoads May 11, 2026

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.