Operating system features can be manipulated to divert traffic away from encrypted VPN tunnel
FortiOS, FortiProxy, FortiClientMac and FortiSandbox also patched
A significant portion of 133,000 vulnerable devices are located in Asia
'Assume a sophisticated threat actor may deploy rootkit level persistence'
The bug could allow an unauthenticated user to execute unauthorised commands via specifically crafted requests
CISA warns of active attacks
Attackers used VPNs to infiltrate and WinRAR scripts to wipe data
Users who search for major Chinese cities see spam from accounts that appear to be bots
Only non-sensitive data was stolen, Cisco says