{"id":50096,"date":"2023-01-13T14:34:17","date_gmt":"2023-01-13T14:34:17","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34221\/Critical-Vulnerability-Gets-Fortinet-VPN-Customers-Infected.html"},"modified":"2023-01-13T14:34:17","modified_gmt":"2023-01-13T14:34:17","slug":"critical-vulnerability-gets-fortinet-vpn-customers-infected","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/","title":{"rendered":"Critical Vulnerability Gets Fortinet VPN Customers Infected"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2016\/01\/fortigate-640x388.jpg\" alt=\"A cake made to resemble FortiGate hardware.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"0 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/01\/fortinet-says-hackers-exploited-critical-vulnerability-to-infect-vpn-customers\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">42<\/span> <span class=\"visually-hidden\"> with 0 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 85:single\/related:a4bbe32169270232357f1b0dc12eb5e1 --><!-- empty --><\/p>\n<p>An unknown threat actor abused a critical vulnerability in Fortinet\u2019s FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in an autopsy report on Wednesday.<\/p>\n<p>Tracked as \u200b\u200bCVE-2022-42475, the vulnerability is a heap-based buffer overflow that allows hackers to remotely execute malicious code. It carries a severity rating of 9.8 out of a possible 10. A maker of network security software, Fortinet fixed the vulnerability in version <a href=\"https:\/\/docs.fortinet.com\/document\/fortigate\/7.2.3\/fortios-release-notes\/236526\/known-issues\">7.2.3<\/a> released on November 28 but failed to make any mention of the threat in the release notes it published at the time.<\/p>\n<h2>Mum\u2019s the word<\/h2>\n<p>Fortinet didn\u2019t disclose the vulnerability until December 12, when it <a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-398\">warned<\/a> that the vulnerability was under active exploit against at least one of its customers. The company urged customers to ensure they were running the patched version of the software and to search their networks for signs the vulnerability had been exploited on their networks. FortiOS SSL-VPNs are used mainly in border firewalls, which cordon off sensitive internal networks from the public Internet.<\/p>\n<p>On Wednesday, Fortinet provided a more detailed account of the exploit activity and the threat actor behind it. The post, however, provided no explanation for the failure to disclose the vulnerability when it was fixed in November. A company spokesperson declined to answer questions sent by email about the failure or what the company\u2019s policy is for disclosure of vulnerabilities.<\/p>\n<p>\u201cThe complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets,\u201d Fortinet officials wrote in Wednesday\u2019s update. They continued:<\/p>\n<blockquote>\n<ul>\n<li aria-level=\"1\">The exploit requires a deep understanding of FortiOS and the underlying hardware.<\/li>\n<li aria-level=\"1\">The use of custom implants shows that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS.<\/li>\n<li aria-level=\"1\">The actor is highly targeted, with some hints of preferred governmental or government-related targets.<\/li>\n<li aria-level=\"1\">The discovered Windows sample attributed to the attacker displayed artifacts of having been compiled on a machine in the UTC+8 timezone, which includes Australia, China, Russia, Singapore, and other Eastern Asian countries.<\/li>\n<li aria-level=\"1\">The self-signed certificates created by the attackers were all created between 3 and 8 am UTC. However, it is difficult to draw any conclusions from this given hackers do not necessarily operate during office hours and will often operate during victim office hours to help obfuscate their activity with general network traffic.<\/li>\n<\/ul>\n<\/blockquote>\n<p>An analysis Fortinet performed on one of the infected servers showed that the threat actor used the vulnerability to install a variant of a known Linux-based implant that had been customized to run on top of the FortiOS. To remain undetected, the post-exploit malware disabled certain logging events once it was installed. The implant was installed in \/data\/lib\/libips.bak path. The file may be masquerading as part of Fortinet\u2019s IPS Engine, located at \/data\/lib\/libips.so. The file \/data\/lib\/libips.so was also present but had a file size of zero.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>After emulating the implant\u2019s execution, Fortinet researchers discovered a unique string of bytes in its communication with command-and-control servers that can be used for a signature in intrusion-prevention systems. The buffer \u201c\\x00\\x0C\\x08http\/1.1\\x02h2\\x00\\x00\\x00\\x14\\x00\\x12\\x00\\x00\\x0Fwww.example.com\u201d (unescaped) will appear inside the \u201cClient Hello\u201d packet.<\/p>\n<p>Other signs a server has been targeted include connections to a variety of IP addresses, including 103[.]131[.]189[.]143, and the following TCP sessions:<\/p>\n<ul>\n<li aria-level=\"1\">Connections to the FortiGate on port 443<\/li>\n<li aria-level=\"1\">Get request for \/remote\/login\/lang=en<\/li>\n<li aria-level=\"1\">Post request to remote\/error<\/li>\n<li aria-level=\"1\">Get request to payloads<\/li>\n<li aria-level=\"1\">Connection to execute command on the FortiGate<\/li>\n<li aria-level=\"1\">Interactive shell session.<\/li>\n<\/ul>\n<p>The autopsy includes a variety of other indicators of compromise. Organizations that use the FortiOS SSL-VPN should read it carefully and inspect their networks for any signs they\u2019ve been targeted or infected.<\/p>\n<p>As noted earlier, the autopsy fails to explain why Fortinet didn\u2019t disclose CVE-2022-42475 until after it was under active exploit. The failure is particularly acute given the severity of the vulnerability. Disclosures are crucial because they help users prioritize the installation of patches. When a new version fixes minor bugs, many organizations often wait to install it. When it fixes a vulnerability with a 9.8 severity rating, they\u2019re much more likely to expedite the update process.<\/p>\n<p>In lieu of answering questions about the lack of disclosure, Fortinet officials provided the following statement:<\/p>\n<blockquote>\n<p>We are committed to the security of our customers. In December 2022, Fortinet distributed a PSIRT advisory (FG-IR-22-398) that detailed mitigation guidance and recommended next steps regarding CVE-2022-42475. We notified customers via the PSIRT Advisory process and advised them to follow the guidance provided and, as part of our ongoing commitment to the security of our customers, continue to monitor the situation. Today, we shared additional extended research regarding CVE-2022-42475. For more information, please visit the <a href=\"https:\/\/www.fortinet.com\/blog\/psirt-blogs\/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=https:\/\/www.fortinet.com\/blog\/psirt-blogs\/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd&amp;source=gmail&amp;ust=1673631736999000&amp;usg=AOvVaw26tDqA6PAO6Tw_213IxoPC\">blog.<\/a><\/p>\n<\/blockquote>\n<p>The company said additional malicious payloads used in the attacks couldn\u2019t be retrieved.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34221\/Critical-Vulnerability-Gets-Fortinet-VPN-Customers-Infected.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50097,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[256],"class_list":["post-50096","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Critical Vulnerability Gets Fortinet VPN Customers Infected 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Vulnerability Gets Fortinet VPN Customers Infected 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-13T14:34:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2016\/01\/fortigate-640x388.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Critical Vulnerability Gets Fortinet VPN Customers Infected\",\"datePublished\":\"2023-01-13T14:34:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/\"},\"wordCount\":834,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg\",\"keywords\":[\"headline,hacker,flaw\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/\",\"name\":\"Critical Vulnerability Gets Fortinet VPN Customers Infected 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg\",\"datePublished\":\"2023-01-13T14:34:17+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg\",\"width\":640,\"height\":388},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflaw\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Critical Vulnerability Gets Fortinet VPN Customers Infected\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Vulnerability Gets Fortinet VPN Customers Infected 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/","og_locale":"en_US","og_type":"article","og_title":"Critical Vulnerability Gets Fortinet VPN Customers Infected 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-13T14:34:17+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2016\/01\/fortigate-640x388.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Critical Vulnerability Gets Fortinet VPN Customers Infected","datePublished":"2023-01-13T14:34:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/"},"wordCount":834,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg","keywords":["headline,hacker,flaw"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/","url":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/","name":"Critical Vulnerability Gets Fortinet VPN Customers Infected 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg","datePublished":"2023-01-13T14:34:17+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/critical-vulnerability-gets-fortinet-vpn-customers-infected.jpg","width":640,"height":388},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/critical-vulnerability-gets-fortinet-vpn-customers-infected\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflaw\/"},{"@type":"ListItem","position":3,"name":"Critical Vulnerability Gets Fortinet VPN Customers Infected"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50096"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50096\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50097"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}