Project Hyphae
Search

New FortiOS SSL-VPN vulnerability

Share This Post

Fortinet released PSIRT Advisory on December 12, 2022 for its FortiOS SSL-VPN summarizing a vulnerability that could potentially allow for remote code execution and crash devices. This vulnerability has a CVSSv3 score of 9.3 and is being actively exploited. Users should update FortiOS devices to address.

Additionally, Fortinet has released IOCs seen in this attack. If you can’t update (or even if you have), be sure to threat hunt to make sure you have not been a target.

Multiple log entries with:
Logdesc=”Application crashed” and msg=”[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]“

Presence of the following artifacts in the filesystem:
/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

Connections to suspicious IP addresses from the FortiGate:
188.34.130[.]40:444
103.131.189[.]143:30080,30081,30443,20443
192.36.119[.]61:8443,444
172.247.168[.]153:8033

Additional Resources:
https://www.bleepingcomputer.com/news/security/fortinet-says-ssl-vpn-pre-auth-rce-bug-is-exploited-in-attacks/
https://www.opencve.io/cve/CVE-2022-35843



Reach out to our incident response team for help

More To Explore

Information Security News – 6/15/26

Oracle PeopleSoft Servers Hacked in ShinyHunters Data Theft Attacks Article Link: https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/ Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code Article Link: https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html

Aaron Rhoads June 15, 2026

Information Security News – 6/8/26

CISA Warns of Active Attacks Exploiting Android, Linux Bugs Article Link: https://www.bleepingcomputer.com/news/security/cisa-warns-of-active-attacks-exploiting-android-linux-bugs/ Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT Article Link:

Aaron Rhoads June 8, 2026

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.