CVE-2022-42475: Heap-based buffer overflow in sslvpnd
First published: Mon Dec 12 2022(Updated: )
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS | >=5.0.0<=5.0.14 | |
| Fortinet FortiOS | >=5.2.0<=5.2.15 | |
| Fortinet FortiOS | >=5.4.0<=5.4.13 | |
| Fortinet FortiOS | >=5.6.0<=5.6.14 | |
| Fortinet FortiOS | >=6.0.0<=6.0.15 | |
| Fortinet FortiOS | >=6.2.0<=6.2.11 | |
| Fortinet FortiOS | >=6.4.0<=6.4.10 | |
| Fortinet FortiOS | >=7.0.0<=7.0.8 | |
| Fortinet FortiOS | >=7.2.0<=7.2.2 | |
| Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
| Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy | >=2.0.0<=2.0.11 | |
| Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
| Fortinet FortiProxy | =7.2.0 | |
| Fortinet FortiOS | >=6.0.0<=6.0.14 | |
| Fortinet FortiOS | >=6.4.0<=6.4.9 | |
| Fortinet FortiOS | >=7.0.0<=7.0.7 | |
| Fortinet Fim-7901e | ||
| Fortinet Fim-7904e | ||
| Fortinet Fim-7910e | ||
| Fortinet Fim-7920e | ||
| Fortinet Fim-7921f | ||
| Fortinet FortiOS | ||
| Fortinet FortiOS | ||
| Fortinet Fortigate-6300f-dc | ||
| Fortinet FortiOS | ||
| Fortinet FortiOS | ||
| Fortinet Fortigate-6501f | ||
| Fortinet FortiOS | ||
| Fortinet Fortigate-6601f | ||
| Fortinet FortiOS | ||
| Fortinet Fortigate-7030e | ||
| Fortinet FortiOS | ||
| Fortinet Fortigate-7060e | ||
| Fortinet FortiOS | ||
| Fortinet FortiOS | ||
| Fortinet FortiOS | ||
| Fortinet FortiOS | ||
| Fortinet FortiOS | ||
| Fortinet FortiProxy |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://fortiguard.com/psirt/FG-IR-22-398
- https://www.fortiguard.com/psirt/FG-IR-22-398
- https://www.theregister.com/2024/02/06/dutch_defense_china_cyberattack/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-armed-forces-network-with-malware/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-military-network-with-malware/
- https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
- https://www.fortiguard.com/psirt/cvrf/FG-IR-22-398
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2022-42475?
CVE-2022-42475 is a vulnerability in Fortinet FortiOS SSL-VPN that allows an attacker to execute arbitrary code or commands remotely.
How can an attacker exploit CVE-2022-42475?
An attacker can exploit CVE-2022-42475 by sending specifically crafted requests to the Fortinet FortiOS SSL-VPN.
What is the severity of CVE-2022-42475?
CVE-2022-42475 has a severity rating of high.
How can I fix CVE-2022-42475?
To fix CVE-2022-42475, update Fortinet FortiOS SSL-VPN to the latest version provided by Fortinet.
Are there any references for CVE-2022-42475?
Yes, you can find more information about CVE-2022-42475 at the Fortinet PSIRT Advisory FG-IR-22-398.
- agent/last-modified-date
- agent/type
- agent/author
- collector/the-register
- source/The Register
- alias/CVE-2022-42475
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-21762
- alias/CVE-2024-23108
- alias/CVE-2024-23109
- alias/CVE-2023-34992
- alias/CVE-2023-27997
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- alias/CVE-2023-48788
- alias/CVE-2023-42789
- alias/CVE-2023-36554
- alias/CVE-2023-47534
- agent/news-ai
- agent/weakness
- agent/references
- agent/tags
- agent/event
- collector/fortiguard-psirt
- source/FortiGuard
- agent/title
- agent/description
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/fortinet
- canonical/fortinet fortios
- version/fortinet fortios/5.0.0
- version/fortinet fortios/5.0.14
- version/fortinet fortios/5.2.0
- version/fortinet fortios/5.2.15
- version/fortinet fortios/5.4.0
- version/fortinet fortios/5.4.13
- version/fortinet fortios/5.6.0
- version/fortinet fortios/5.6.14
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.15
- version/fortinet fortios/6.2.0
- version/fortinet fortios/6.2.11
- version/fortinet fortios/6.4.0
- version/fortinet fortios/6.4.10
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.0.8
- version/fortinet fortios/7.2.0
- version/fortinet fortios/7.2.2
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0
- version/fortinet fortiproxy/1.0.7
- version/fortinet fortiproxy/1.1.0
- version/fortinet fortiproxy/1.1.6
- version/fortinet fortiproxy/1.2.0
- version/fortinet fortiproxy/1.2.13
- version/fortinet fortiproxy/2.0.0
- version/fortinet fortiproxy/2.0.11
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.0.7
- version/fortinet fortiproxy/7.2.0
- version/fortinet fortios/6.0.14
- version/fortinet fortios/6.4.9
- version/fortinet fortios/7.0.7
- canonical/fortinet fim-7901e
- canonical/fortinet fim-7904e
- canonical/fortinet fim-7910e
- canonical/fortinet fim-7920e
- canonical/fortinet fim-7921f
- canonical/fortinet fortigate-6300f-dc
- canonical/fortinet fortigate-6501f
- canonical/fortinet fortigate-6601f
- canonical/fortinet fortigate-7030e
- canonical/fortinet fortigate-7060e