CVE-2022-42475

Warning

Media report

Exploit

EPSS 94%
Published 02.01.2023 09:15:09
Last modified 24.02.2025 15:44:21
Source psirt@fortinet.com
Teams watchlist Login
Open Login

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier  and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Affected products Warnungen 2 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Fortinet ≫ Fortios Version >= 5.0.0 <= 5.0.14

Fortinet ≫ Fortios Version >= 5.2.0 <= 5.2.15

Fortinet ≫ Fortios Version >= 5.4.0 <= 5.4.13

Fortinet ≫ Fortios Version >= 5.6.0 <= 5.6.14

Fortinet ≫ Fortios Version >= 6.0.0 < 6.0.16

Fortinet ≫ Fortios Version >= 6.2.0 < 6.2.12

Fortinet ≫ Fortios Version >= 6.4.0 < 6.4.11

Fortinet ≫ Fortios Version >= 7.0.0 < 7.0.9

Fortinet ≫ Fortios Version >= 7.2.0 < 7.2.3

Fortinet ≫ Fortiproxy Version >= 1.0.0 <= 1.0.7

Fortinet ≫ Fortiproxy Version >= 1.1.0 <= 1.1.6

Fortinet ≫ Fortiproxy Version >= 1.2.0 <= 1.2.13

Fortinet ≫ Fortiproxy Version >= 2.0.0 < 2.0.12

Fortinet ≫ Fortiproxy Version >= 7.0.0 < 7.0.8

Fortinet ≫ Fortiproxy Version >= 7.2.0 < 7.2.2

Fortinet ≫ Fortios Version >= 6.0.0 < 6.0.15

   Fortinet ≫ Fim-7901e Version-
   Fortinet ≫ Fim-7904e Version-
   Fortinet ≫ Fim-7910e Version-
   Fortinet ≫ Fim-7920e Version-
   Fortinet ≫ Fim-7921f Version-
   Fortinet ≫ Fim-7941f Version-
   Fortinet ≫ Fortigate-6300f Version-
   Fortinet ≫ Fortigate-6300f-dc Version-
   Fortinet ≫ Fortigate-6500f Version-
   Fortinet ≫ Fortigate-6500f-dc Version-
   Fortinet ≫ Fortigate-6501f Version-
   Fortinet ≫ Fortigate-6501f-dc Version-
   Fortinet ≫ Fortigate-6601f Version-
   Fortinet ≫ Fortigate-6601f-dc Version-
   Fortinet ≫ Fortigate-7030e Version-
   Fortinet ≫ Fortigate-7040e Version-
   Fortinet ≫ Fortigate-7060e Version-
   Fortinet ≫ Fortigate-7121f Version-
   Fortinet ≫ Fpm-7620e Version-
   Fortinet ≫ Fpm-7620f Version-
   Fortinet ≫ Fpm-7630e Version-

Fortinet ≫ Fortios Version >= 6.2.0 < 6.2.12

Fortinet ≫ Fortios Version >= 6.4.0 < 6.4.10

Fortinet ≫ Fortios Version >= 7.0.0 < 7.0.8

13.12.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Vulnerability

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Description

Apply updates per vendor instructions.

Required actions

12.12.2022: CERT.at Warnung

https://www.cert.at/de/warnungen/2022/12/kritische-sicherheitslucke-in-fortinet-fortios

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@fortinet.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-197 Numeric Truncation Error

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.heise.de/news/14-000-Fortinet-Firewalls-kompromitiert-Angreifer-nisten-sich-ein-10352344.html

Medienbericht

heise Security

https://fortiguard.com/psirt/FG-IR-22-398

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-42475

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42475

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42475

EUVD