ir-23-072-002 (1)

10998572882?profile=RESIZE_400xFortinet warns that a recently addressed FortiOS vulnerability has been exploited by a sophisticated threat actor in highly targeted attacks against governmental and government-related entities.  Patched last week, the bug is tracked as CVE-2022-41328 and is described as a medium-severity path traversal issue leading to command execution.  When it announced the availability of fixes, Fortinet failed to mention that this was actually a zero-day vulnerability.[1]  “An improper limitation of a path