Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

Apr

Elevate IT Technology Summit Tampa

Apr

ILTA Evolve

Apr

RSAC™ 2025 Conference

May

SIM Houston Women's Roundtable

May

Computing Cybersecurity Festival

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

eSentire is aware of reports of attacks in the wild exploiting the Fortinet FortiOS SSL-VPN vulnerability CVE-2022-42475 (CVSS: 9.3).

FortiGate Labs disclosed the vulnerability on December 12th. It is tracked as a remote execution of unauthorized code or commands vulnerability. Exploitation could allow a threat actor to gain initial access to victim organizations and spread laterally within the network.

While Fortinet has confirmed attacks in the wild, there is currently no public release of Proof-of-Concept (PoC) exploit code. However, upon release, the eSentire Threat Intelligence assesses with high confidence that it is expected to increase attacks in the immediate future. All organizations using Fortinet SSL-VPN are strongly recommended to apply the relevant security patches immediately to reduce the likelihood of exploitation.

What we’re doing about it

eSentire Managed Vulnerability Service (MVS) has plugins in place to identify this vulnerability
The eSentire Threat Response Unit (TRU) has performed threat hunts across the eSentire client base for known signs of exploitation
eSentire MDR for Log detections have been created and will be deployed shortly
The eSentire Threat Intelligence team is tracking this vulnerability for additional details and detection opportunities

What you should do about it

After performing a business impact review, apply the relevant security patches
Fortinet has released Indicators of Compromise (IoCs) that may be checked to validate if an attack, using known indicators, exploiting the vulnerability has occurred

Additional information

CVE-2022-42475 was initially patched for Fortinet in November 2022, although the vulnerability was not disclosed at the time. Fortinet only released information on the vulnerability after a French cybersecurity company publicly identified it on December 9th. Details on real-world exploitation have not been made public at this time.

eSentire has recently observed threat actors selling and buying compromised Fortinet devices in the darkweb markets. Sales of compromised Fortinet devices by hackers ranged from individual organizations to bulk purchases. At this time, it is unclear what vulnerability hackers are exploiting to gain access to these devices. It is possible the increase in darkweb marketplace offerings is related to CVE-2022-42475 exploitation or the October Fortinet authentication bypass vulnerability CVE-2022-40684.

Confirmed Vulnerable Products:

FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
FortiOS version 5.6.0 through 5.6.14
FortiOS version 5.4.0 through 5.4.13
FortiOS version 5.2.0 through 5.2.15
FortiOS version 5.0.0 through 5.0.14
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14

References:

[1] https://www.fortiguard.com/psirt/FG-IR-22-398
[2] https://olympecyberdefense.fr/vpn-ssl-fortigate/
[3] https://www.esentire.com/security-advisories/actively-exploited-fortinet-authentication-bypass-vulnerability-cve-2022-40684

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

The Long and Short(cut) of It: KoiLoader Analysis

From Access to Encryption: Dissecting Hunters International's Latest…

eSentire and Qylis Form Strategic Partnership to Deliver Compliant…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

CrushFTP Authentication Bypass

Critical Next.js Vulnerability (CVE-2025-29927)