A five-year old vulnerability in Fortinet SSL VPNs remains one of the most widely exploited flaws in enterprise networks, despite repeat patch warnings.

So say cybersecurity officials across the U.S. and its Five Eyes intelligence alliance partners in a new joint security advisory detailing the 12 most common vulnerabilities and exposures that were most “routinely and frequently exploited by malicious actors” in 2022.

The advisory from Australia, Canada, New Zealand, the U.K. and the U.S. also details 30 vulnerabilities that attackers frequently use to compromise organizations, as well as vulnerabilities’ Common Weakness Enumeration, or CWE, referring to an encyclopedia of more than 600 types of software weaknesses.