- Vulnerability/
- CVE-2022-42475
CVE-2022-42475: Heap-based buffer overflow in sslvpnd
First published: Mon Dec 12 2022(Updated: )
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS | ||
| Fortinet FortiOS | >=5.0.0<=5.0.14 | |
| Fortinet FortiOS | >=5.2.0<=5.2.15 | |
| Fortinet FortiOS | >=5.4.0<=5.4.13 | |
| Fortinet FortiOS | >=5.6.0<=5.6.14 | |
| Fortinet FortiOS | >=6.0.0<=6.0.15 | |
| Fortinet FortiOS | >=6.2.0<=6.2.11 | |
| Fortinet FortiOS | >=6.4.0<=6.4.10 | |
| Fortinet FortiOS | >=7.0.0<=7.0.8 | |
| Fortinet FortiOS | >=7.2.0<=7.2.2 | |
| Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.11 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
| Fortinet FortiProxy | =7.2.0 | |
| Fortinet FortiOS | >=6.0.0<=6.0.14 | |
| Fortinet FortiOS | >=6.4.0<=6.4.9 | |
| Fortinet FortiOS | >=7.0.0<=7.0.7 | |
| Fortinet Fim-7901e | ||
| Fortinet Fim-7904e | ||
| Fortinet Fim-7910e | ||
| Fortinet Fim-7920e | ||
| Fortinet Fim-7921f | ||
| Fortinet Fim-7941f | ||
| Fortinet Fortigate-6300f | ||
| Fortinet Fortigate-6300f-dc | ||
| Fortinet Fortigate-6500f | ||
| Fortinet Fortigate-6500f-dc | ||
| Fortinet Fortigate-6501f | ||
| Fortinet Fortigate-6501f-dc | ||
| Fortinet Fortigate-6601f | ||
| Fortinet Fortigate-6601f-dc | ||
| Fortinet Fortigate-7030e | ||
| Fortinet Fortigate-7040e | ||
| Fortinet Fortigate-7060e | ||
| Fortinet Fortigate-7121f | ||
| Fortinet Fpm-7620e | ||
| Fortinet Fpm-7620f | ||
| Fortinet Fpm-7630e | ||
| Fortinet FortiOS | >=6.0.0<6.0.16 | |
| Fortinet FortiOS | >=6.2.0<6.2.12 | |
| Fortinet FortiOS | >=6.4.0<6.4.11 | |
| Fortinet FortiOS | >=7.0.0<7.0.9 | |
| Fortinet FortiOS | >=7.2.0<7.2.3 | |
| Fortinet FortiProxy | >=7.0.0<7.0.8 | |
| Fortinet FortiProxy | >=7.2.0<7.2.2 | |
| All of | ||
| Any of | ||
| Fortinet FortiOS | >=6.0.0<6.0.15 | |
| Fortinet FortiOS | >=6.2.0<6.2.12 | |
| Fortinet FortiOS | >=6.4.0<6.4.10 | |
| Fortinet FortiOS | >=7.0.0<7.0.8 | |
| Any of | ||
| Fortinet Fim-7901e | ||
| Fortinet Fim-7904e | ||
| Fortinet Fim-7910e | ||
| Fortinet Fim-7920e | ||
| Fortinet Fim-7921f | ||
| Fortinet Fim-7941f | ||
| Fortinet Fortigate-6300f | ||
| Fortinet Fortigate-6300f-dc | ||
| Fortinet Fortigate-6500f | ||
| Fortinet Fortigate-6500f-dc | ||
| Fortinet Fortigate-6501f | ||
| Fortinet Fortigate-6501f-dc | ||
| Fortinet Fortigate-6601f | ||
| Fortinet Fortigate-6601f-dc | ||
| Fortinet Fortigate-7030e | ||
| Fortinet Fortigate-7040e | ||
| Fortinet Fortigate-7060e | ||
| Fortinet Fortigate-7121f | ||
| Fortinet Fpm-7620e | ||
| Fortinet Fpm-7620f | ||
| Fortinet Fpm-7630e |
Remedy
Please upgrade to FortiOS version 7.2.3 or above Please upgrade to FortiOS version 7.0.9 or above Please upgrade to FortiOS version 6.4.11 or above Please upgrade to FortiOS version 6.2.12 or above Please upgrade to FortiOS version 6.0.16 or above Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above Please upgrade to FortiOS-6K7K version 6.4.10 or above Please upgrade to FortiOS-6K7K version 6.2.12 or above Please upgrade to FortiOS-6K7K version 6.0.15 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to upcoming FortiProxy version 2.0.12 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/02/06/dutch_defense_china_cyberattack/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-armed-forces-network-with-malware/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-military-network-with-malware/
- https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/
- https://www.fortiguard.com/psirt/cvrf/FG-IR-22-398
- https://www.fortiguard.com/psirt/FG-IR-22-398
- https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-20-000-fortigate-systems-worldwide/
- https://fortiguard.com/psirt/FG-IR-22-398
- https://www.theregister.com/2024/06/12/chinas_targeting_of_fortigate_systems/
- https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/
- https://www.fortiguard.com/psirt/FG-IR-22-398;
- https://nvd.nist.gov/vuln/detail/CVE-2022-42475
- https://www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2022-42475?
CVE-2022-42475 is a vulnerability in Fortinet FortiOS SSL-VPN that allows an attacker to execute arbitrary code or commands remotely.
How can an attacker exploit CVE-2022-42475?
An attacker can exploit CVE-2022-42475 by sending specifically crafted requests to the Fortinet FortiOS SSL-VPN.
What is the severity of CVE-2022-42475?
CVE-2022-42475 has a severity rating of high.
How can I fix CVE-2022-42475?
To fix CVE-2022-42475, update Fortinet FortiOS SSL-VPN to the latest version provided by Fortinet.
Are there any references for CVE-2022-42475?
Yes, you can find more information about CVE-2022-42475 at the Fortinet PSIRT Advisory FG-IR-22-398.
- agent/type
- collector/the-register
- source/The Register
- alias/CVE-2022-42475
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-21762
- alias/CVE-2024-23108
- alias/CVE-2024-23109
- alias/CVE-2023-34992
- alias/CVE-2023-27997
- agent/first-publish-date
- agent/severity
- alias/CVE-2023-48788
- alias/CVE-2023-42789
- alias/CVE-2023-36554
- alias/CVE-2023-47534
- agent/news-ai
- agent/title
- collector/fortiguard-psirt
- source/FortiGuard
- alias/FG-IR-23-130
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/remedy
- alias/CVE-2017-0144
- alias/CVE-2020-1472
- alias/CVE-2023-27532
- alias/CVE-2021-42278
- alias/CVE-2021-42287
- alias/CVE-2017-0290
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- alias/CVE-2024-23113
- collector/mitre-cve
- source/MITRE
- alias/CVE-2024-47575
- alias/FG-IR-24-423
- agent/references
- agent/tags
- agent/event
- collector/nvd-cve
- agent/last-modified-date
- agent/trending
- vendor/fortinet
- canonical/fortinet fortios
- version/fortinet fortios/5.0.0
- version/fortinet fortios/5.0.14
- version/fortinet fortios/5.2.0
- version/fortinet fortios/5.2.15
- version/fortinet fortios/5.4.0
- version/fortinet fortios/5.4.13
- version/fortinet fortios/5.6.0
- version/fortinet fortios/5.6.14
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.15
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.11
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.10
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.8
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.2
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0
- version/fortinet fortiproxy/1.0.7
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.11
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.7
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortios/6.0.14
- version/fortinet fortios/6.4.9
- version/fortinet fortios/7.0.7
- canonical/fortinet fim-7901e
- canonical/fortinet fim-7904e
- canonical/fortinet fim-7910e
- canonical/fortinet fim-7920e
- canonical/fortinet fim-7921f
- canonical/fortinet fim-7941f
- canonical/fortinet fortigate-6300f
- canonical/fortinet fortigate-6300f-dc
- canonical/fortinet fortigate-6500f
- canonical/fortinet fortigate-6500f-dc
- canonical/fortinet fortigate-6501f
- canonical/fortinet fortigate-6501f-dc
- canonical/fortinet fortigate-6601f
- canonical/fortinet fortigate-6601f-dc
- canonical/fortinet fortigate-7030e
- canonical/fortinet fortigate-7040e
- canonical/fortinet fortigate-7060e
- canonical/fortinet fortigate-7121f
- canonical/fortinet fpm-7620e
- canonical/fortinet fpm-7620f
- canonical/fortinet fpm-7630e