Vulnerability Watch

Forum Discussion

scaveza
Product Team
3 years ago

AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

On September 7, a joint Cybersecurity Advisory (CSA) AA23-250A coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and other partners was released to highlight the tactics, techniques, and procedures (TTPs) observed by nation-state advanced persistent threat (APT) actors. According to the CSA, an unnamed aeronautical organization was breached after the APT actors exploited CVE-2022-47966 in early January 2023. The CSA notes that additional APT actors also had a presence in the organization's firewall via the exploitation of CVE-2022-42475.

CVE-2022-47966 is a remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine on-premise products, including ServiceDesk Plus.

CVE-2022-42475 is a heap-based buffer overflow in several versions of Fortinet’s FortiOS that could be exploited by a remote, unauthenticated attacker using a specially crafted request to gain code execution.

For more information about the CSA, including the availability of Tenable product coverage, please visit our blog.
