FG-IR-22-398: Heap-based buffer overflow in sslvpnd

First published: Mon Dec 12 2022(Updated: )

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.## Exploitation status:Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise:Multiple log entries with:Logdesc=Application crashed and msg=[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]Presence of the following artifacts in the filesystem:/data/lib/libips.bak/data/lib/libgif.so/data/lib/libiptcp.so/data/lib/libipudp.so/data/lib/libjepg.so/var/.sslvpnconfigbk/data/etc/wxd.conf/flashConnections to suspicious IP addresses from the FortiGate:188.34.130.40:444103.131.189.143:30080,30081,30443,20443193.36.119.61:8443,444172.247.168.153:8033139.180.184.19766.42.91.32158.247.221.101107.148.27.117139.180.128.142155.138.224.122185.174.136.20 For more information on how to check for the presence of the indicators of compromise above, please visit this Knowledge Base entry, and contact customer support for assistance. ## Workaround:Disable SSL-VPN.## Changelog:2022-12-12: Added FOS6k/k 2022-12-22: Added FortiProxy2022-12-27: Corrected typo in IOCs: 192.36.119.61 => 193.36.119.61

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/last-modified-date
• agent/references
• agent/type
• agent/first-publish-date
• agent/event
• agent/severity
• agent/title
• collector/fortiguard-psirt
• source/FortiGuard
• alias/CVE-2022-42475
• agent/description
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/fortinet
• canonical/fortinet fortios ips engine