CVE-2022-42475: Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

CVE ID

CVE-2022-42475

Vulnerability Name

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

• Project: Fortinet
• Product: FortiOS

Date

• Date Added: 2022-12-13
• Due Date: 2023-01-03

Description

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-22-398; https://nvd.nist.gov/vuln/detail/CVE-2022-42475

Related Security News

• Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
• Critical Fortinet flaws now exploited in Qilin ransomware attacks
• Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
• Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices
• Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
• Fortinet warns of new critical FortiManager flaw used in zero-day attacks
• CISA says critical Fortinet RCE flaw now exploited in attacks
• CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
• NoName ransomware gang deploying RansomHub malware in recent attacks
• UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List