First published: Mon Dec 12 2022
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiOS | >=5.0.0<=5.0.14 | |
Fortinet FortiOS | >=5.2.0<=5.2.15 | |
Fortinet FortiOS | >=5.4.0<=5.4.13 | |
Fortinet FortiOS | >=5.6.0<=5.6.14 | |
Fortinet FortiOS | >=6.0.0<=6.0.15 | |
Fortinet FortiOS | >=6.2.0<=6.2.11 | |
Fortinet FortiOS | >=6.4.0<=6.4.10 | |
Fortinet FortiOS | >=7.0.0<=7.0.8 | |
Fortinet FortiOS | >=7.2.0<=7.2.2 | |
Fortinet FortiProxy | >=1.0.0<=1.0.7 | |
Fortinet FortiProxy | >=1.1.0<=1.1.6 | |
Fortinet FortiProxy | >=1.2.0<=1.2.13 | |
Fortinet FortiProxy | >=2.0.0<=2.0.11 | |
Fortinet FortiProxy | >=7.0.0<=7.0.7 | |
Fortinet FortiProxy | =7.2.0 | |
Fortinet FortiOS | >=6.0.0<=6.0.14 | |
Fortinet FortiOS | >=6.4.0<=6.4.9 | |
Fortinet FortiOS | >=7.0.0<=7.0.7 | |
Fortinet Fim-7901e | | |
Fortinet Fim-7904e | | |
Fortinet Fim-7910e | | |
Fortinet Fim-7920e | | |
Fortinet Fim-7921f | | |
Fortinet FortiOS | | |
Fortinet Fortigate-6300f-dc | | |
Fortinet Fortigate-6501f | | |
Fortinet Fortigate-6601f | | |
Fortinet Fortigate-7030e | | |
Fortinet Fortigate-7060e | | |
Fortinet FortiProxy | | |
CVE-2022-42475 is a vulnerability in Fortinet FortiOS SSL-VPN that allows an attacker to execute arbitrary code or commands remotely.
An attacker can exploit CVE-2022-42475 by sending specifically crafted requests to the Fortinet FortiOS SSL-VPN.
CVE-2022-42475 has a severity rating of high.
To fix CVE-2022-42475, update Fortinet FortiOS SSL-VPN to the latest version provided by Fortinet.
More information about CVE-2022-42475 is available in the Fortinet PSIRT Advisory FG-IR-22-398.