Fortinet released a PSIRT advisory on December 12, 2022 for its FortiOS SSL-VPN, summarizing a vulnerability that could potentially allow remote code execution and crash devices. This vulnerability has a CVSSv3 score of 9.3 and is being actively exploited. Users should update FortiOS devices to address it.
Additionally, Fortinet has released IOCs seen in this attack. If you can’t update (or even if you have), be sure to threat hunt to make sure you have not been a target.
Multiple log entries with:
Logdesc="Application crashed" and msg="[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]"
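One way to hunt for the log indicator above in exported logs, as an added example that is not Fortinet's code or part of the advisory. It assumes key=value formatted log lines with a `devname` field, optional whitespace after `application:`, and treats two or more matches per device as "multiple"; the sample lines and device names are constructed.

```python
import re
from collections import Counter

# Assumed log layout: key=value pairs, values optionally double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
APP_RE = re.compile(r'application:\s*sslvpnd\b', re.IGNORECASE)
SIG_RE = re.compile(r'Signal 11 received')  # signal 11 is SIGSEGV

def parse_line(line):
    """Return a dict of lowercase field name -> value for one log line."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}

def is_sslvpnd_crash(fields):
    """True when the entry matches the crash indicator quoted on this page."""
    msg = fields.get("msg", "")
    return (fields.get("logdesc") == "Application crashed"
            and APP_RE.search(msg) is not None
            and SIG_RE.search(msg) is not None)

def hunt(lines, threshold=2):
    """Return (matching entries, matches per device, devices at/over threshold)."""
    hits = [f for f in map(parse_line, lines) if is_sslvpnd_crash(f)]
    per_dev = Counter(f.get("devname", "unknown") for f in hits)
    flagged = sorted(d for d, n in per_dev.items() if n >= threshold)
    return hits, dict(per_dev), flagged

# Constructed sample lines (not from a real device).
SAMPLE = [
    'date=2022-12-10 time=03:11:02 devname="fgt-edge-01" logdesc="Application crashed" msg="Pid: 211, application: sslvpnd, Signal 11 received, Backtrace: [0x0]"',
    'date=2022-12-10 time=03:14:40 devname="fgt-edge-01" logdesc="Application crashed" msg="Pid: 305, application:sslvpnd, Signal 11 received, Backtrace: [0x0]"',
    'date=2022-12-11 time=09:02:17 devname="fgt-edge-02" logdesc="Application crashed" msg="Pid: 118, application: sslvpnd, Signal 11 received, Backtrace: [0x0]"',
    'date=2022-12-11 time=09:30:00 devname="fgt-edge-02" logdesc="Application crashed" msg="Pid: 140, application: httpsd, Signal 11 received, Backtrace: [0x0]"',
    'date=2022-12-11 time=10:05:09 devname="fgt-edge-01" logdesc="Application crashed" msg="Pid: 402, application: sslvpnd, Signal 6 received, Backtrace: [0x0]"',
    'date=2022-12-11 time=10:06:00 devname="fgt-edge-02" logdesc="Admin login successful" msg="Administrator admin logged in"',
]

if __name__ == "__main__":
    hits, per_dev, flagged = hunt(SAMPLE)
    for f in hits:
        print(f.get("date"), f.get("time"), f.get("devname"), f["msg"])
    print("matches per device:", per_dev)
    print("devices with multiple sslvpnd crashes:", flagged)
```

A single match is still worth reviewing; the threshold only ranks devices for triage.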
Presence of the following artifacts in the filesystem:
Connections to suspicious IP addresses from the FortiGate: