CVE-2022-42475: Heap-based buffer overflow in sslvpnd
First published: Mon Dec 12 2022(Updated: )
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FortiOS | ||
| FortiOS | >=5.0.0<=5.0.14 | |
| FortiOS | >=5.2.0<=5.2.15 | |
| FortiOS | >=5.4.0<=5.4.13 | |
| FortiOS | >=5.6.0<=5.6.14 | |
| FortiOS | >=6.0.0<=6.0.15 | |
| FortiOS | >=6.2.0<=6.2.11 | |
| FortiOS | >=6.4.0<=6.4.10 | |
| FortiOS | >=7.0.0<=7.0.8 | |
| FortiOS | >=7.2.0<=7.2.2 | |
| Fortinet FortiProxy SSL VPN webmode | >=1.0.0<=1.0.7 | |
| Fortinet FortiProxy SSL VPN webmode | >=1.1.0<=1.1.6 | |
| Fortinet FortiProxy SSL VPN webmode | >=1.2.0<=1.2.13 | |
| Fortinet FortiProxy SSL VPN webmode | >=2.0.0<=2.0.11 | |
| Fortinet FortiProxy SSL VPN webmode | >=7.0.0<=7.0.7 | |
| Fortinet FortiProxy SSL VPN webmode | =7.2.0 | |
| FortiOS | >=6.0.0<=6.0.14 | |
| FortiOS | >=6.4.0<=6.4.9 | |
| FortiOS | >=7.0.0<=7.0.7 | |
| Fortinet FIM-7901E | ||
| Fortinet FIM-7904E | ||
| Fortinet FIM-7910E | ||
| Fortinet FIM-7920E | ||
| Fortinet FIM-7921F | ||
| Fortinet FIM-7941F | ||
| Fortinet FortiGate 6300F | ||
| Fortinet Fortigate 6300f | ||
| Fortinet FortiGate 6500F | ||
| Fortinet FortiGate 6500F DC | ||
| Fortinet FortiGate-6501F | ||
| Fortinet FortiGate-6501F | ||
| Fortinet Fortigate-6601f-dc | ||
| Fortinet Fortigate 6601F | ||
| Fortinet Fortigate-7030e | ||
| Fortinet FortiGate 7040E | ||
| Fortinet Fortigate 7060e | ||
| Fortinet Fortigate 7121F | ||
| Fortinet FortiManager 7620E | ||
| Fortinet Fpm-7620f | ||
| Fortinet FPM-7630E | ||
| FortiOS | >=6.0.0<6.0.16 | |
| FortiOS | >=6.2.0<6.2.12 | |
| FortiOS | >=6.4.0<6.4.11 | |
| FortiOS | >=7.0.0<7.0.9 | |
| FortiOS | >=7.2.0<7.2.3 | |
| Fortinet FortiProxy SSL VPN webmode | >=2.0.0<2.0.12 | |
| Fortinet FortiProxy SSL VPN webmode | >=7.0.0<7.0.8 | |
| Fortinet FortiProxy SSL VPN webmode | >=7.2.0<7.2.2 | |
| All of | ||
| Any of | ||
| FortiOS | >=6.0.0<6.0.15 | |
| FortiOS | >=6.2.0<6.2.12 | |
| FortiOS | >=6.4.0<6.4.10 | |
| FortiOS | >=7.0.0<7.0.8 | |
| Any of | ||
| Fortinet FIM-7901E | ||
| Fortinet FIM-7904E | ||
| Fortinet FIM-7910E | ||
| Fortinet FIM-7920E | ||
| Fortinet FIM-7921F | ||
| Fortinet FIM-7941F | ||
| Fortinet FortiGate 6300F | ||
| Fortinet Fortigate 6300f | ||
| Fortinet FortiGate 6500F | ||
| Fortinet FortiGate 6500F DC | ||
| Fortinet FortiGate-6501F | ||
| Fortinet FortiGate-6501F | ||
| Fortinet Fortigate-6601f-dc | ||
| Fortinet Fortigate 6601F | ||
| Fortinet Fortigate-7030e | ||
| Fortinet FortiGate 7040E | ||
| Fortinet Fortigate 7060e | ||
| Fortinet Fortigate 7121F | ||
| Fortinet FortiManager 7620E | ||
| Fortinet Fpm-7620f | ||
| Fortinet FPM-7630E |
Remedy
Please upgrade to FortiOS version 7.2.3 or above Please upgrade to FortiOS version 7.0.9 or above Please upgrade to FortiOS version 6.4.11 or above Please upgrade to FortiOS version 6.2.12 or above Please upgrade to FortiOS version 6.0.16 or above Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above Please upgrade to FortiOS-6K7K version 6.4.10 or above Please upgrade to FortiOS-6K7K version 6.2.12 or above Please upgrade to FortiOS-6K7K version 6.0.15 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to upcoming FortiProxy version 2.0.12 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/02/06/dutch_defense_china_cyberattack/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-armed-forces-network-with-malware/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-infect-dutch-military-network-with-malware/
- https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/
- https://www.fortiguard.com/psirt/cvrf/FG-IR-22-398
- https://www.fortiguard.com/psirt/FG-IR-22-398
- https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/
- https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-20-000-fortigate-systems-worldwide/
- https://www.theregister.com/2024/06/12/chinas_targeting_of_fortigate_systems/
- https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/
- https://www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/
- https://fortiguard.com/psirt/FG-IR-22-398
- https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/
- https://www.theregister.com/2024/12/31/china_cyber_intrusions_2024/
- https://www.fortiguard.com/psirt/FG-IR-22-398;
- https://nvd.nist.gov/vuln/detail/CVE-2022-42475
- https://www.bleepingcomputer.com/news/security/fortinet-symlink-trick-gives-access-to-patched-fortigate-vpn-devices/
- https://www.bleepingcomputer.com/news/security/fortinet-hackers-retain-access-to-patched-fortigate-vpns-using-symlinks/
Frequently Asked Questions
What is CVE-2022-42475?
CVE-2022-42475 is a vulnerability in Fortinet FortiOS SSL-VPN that allows an attacker to execute arbitrary code or commands remotely.
How can an attacker exploit CVE-2022-42475?
An attacker can exploit CVE-2022-42475 by sending specifically crafted requests to the Fortinet FortiOS SSL-VPN.
What is the severity of CVE-2022-42475?
CVE-2022-42475 has a severity rating of high.
How can I fix CVE-2022-42475?
To fix CVE-2022-42475, update Fortinet FortiOS SSL-VPN to the latest version provided by Fortinet.
Are there any references for CVE-2022-42475?
Yes, you can find more information about CVE-2022-42475 at the Fortinet PSIRT Advisory FG-IR-22-398.
- agent/type
- collector/the-register
- source/The Register
- alias/CVE-2022-42475
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-21762
- alias/CVE-2024-23108
- alias/CVE-2024-23109
- alias/CVE-2023-34992
- alias/CVE-2023-27997
- agent/first-publish-date
- alias/CVE-2023-48788
- alias/CVE-2023-42789
- alias/CVE-2023-36554
- alias/CVE-2023-47534
- agent/title
- collector/fortiguard-psirt
- source/FortiGuard
- alias/FG-IR-23-130
- agent/author
- agent/description
- agent/remedy
- alias/CVE-2017-0144
- alias/CVE-2020-1472
- alias/CVE-2023-27532
- alias/CVE-2021-42278
- alias/CVE-2021-42287
- alias/CVE-2017-0290
- alias/CVE-2024-23113
- collector/mitre-cve
- source/MITRE
- alias/CVE-2024-47575
- alias/FG-IR-24-423
- alias/CVE-2021-27860
- alias/CVE-2021-40539
- alias/CVE-2024-39717
- agent/source
- agent/last-modified-date
- collector/cisa-known-exploited
- source/CISA
- exploited/true
- ransomware/true
- agent/software-canonical-lookup
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- agent/softwarecombine
- agent/news-ai
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/event
- agent/trending
- vendor/fortinet
- canonical/fortios
- version/fortios/5.0.0
- version/fortios/5.0.14
- version/fortios/5.2.0
- version/fortios/5.2.15
- version/fortios/5.4.0
- version/fortios/5.4.13
- version/fortios/5.6.0
- version/fortios/5.6.14
- version/fortios/6.0.0
- version/fortios/6.0.15
- version/fortios/6.2.0
- version/fortios/6.2.11
- version/fortios/6.4.0
- version/fortios/6.4.10
- version/fortios/7.0.0
- version/fortios/7.0.8
- version/fortios/7.2.0
- version/fortios/7.2.2
- canonical/fortinet fortiproxy ssl vpn webmode
- version/fortinet fortiproxy ssl vpn webmode/1.0.0
- version/fortinet fortiproxy ssl vpn webmode/1.0.7
- version/fortinet fortiproxy ssl vpn webmode/1.1.0
- version/fortinet fortiproxy ssl vpn webmode/1.1.6
- version/fortinet fortiproxy ssl vpn webmode/1.2.0
- version/fortinet fortiproxy ssl vpn webmode/1.2.13
- version/fortinet fortiproxy ssl vpn webmode/2.0.0
- version/fortinet fortiproxy ssl vpn webmode/2.0.11
- version/fortinet fortiproxy ssl vpn webmode/7.0.0
- version/fortinet fortiproxy ssl vpn webmode/7.0.7
- version/fortinet fortiproxy ssl vpn webmode/7.2.0
- version/fortios/6.0.14
- version/fortios/6.4.9
- version/fortios/7.0.7
- canonical/fortinet fim-7901e
- canonical/fortinet fim-7904e
- canonical/fortinet fim-7910e
- canonical/fortinet fim-7920e
- canonical/fortinet fim-7921f
- canonical/fortinet fim-7941f
- canonical/fortinet fortigate 6300f
- canonical/fortinet fortigate 6500f
- canonical/fortinet fortigate 6500f dc
- canonical/fortinet fortigate-6501f
- canonical/fortinet fortigate-6601f-dc
- canonical/fortinet fortigate 6601f
- canonical/fortinet fortigate-7030e
- canonical/fortinet fortigate 7040e
- canonical/fortinet fortigate 7060e
- canonical/fortinet fortigate 7121f
- canonical/fortinet fortimanager 7620e
- canonical/fortinet fpm-7620f
- canonical/fortinet fpm-7630e