CVE-2022-42475

CVSS 9.3 CRITICALEPSS 99.5%● KEVCWE-197

In short

A critical flaw in FortiOS and FortiProxy SSL-VPN allows remote attackers to crash the system or run malicious code without needing to log in. This happens because the software doesn't properly check the size of data it receives, letting attackers send specially crafted requests that overflow memory.

Technical detail

A heap-based buffer overflow in FortiOS and FortiProxy SSL-VPN (multiple versions) enables unauthenticated remote code execution via malformed SSL-VPN requests. The vulnerability stems from insufficient bounds checking on input data, allowing an attacker to overwrite heap memory and achieve arbitrary code execution without authentication.

Summary generated and translated by AI from the official description.

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

Affected products

Fortinet · FortiOS Fortinet · FortiProxy

public PoCs found — 8

githubgithub.com/scrt/cve-2022-42475★ 109 githubgithub.com/0xhaggis/CVE-2022-42475★ 34 githubgithub.com/P4x1s/CVE-2022-42475-RCE-POC★ 8 githubgithub.com/Amir-hy/cve-2022-42475★ 7 githubgithub.com/bryanster/ioc-cve-2022-42475★ 1 githubgithub.com/Mustafa1986/cve-2022-42475-Fortinet★ 1 githubgithub.com/natceil/cve-2022-42475★ 0 githubgithub.com/ArthurHendrich/CVE-2022-42475-POC★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/psirt/FG-IR-22-398 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42475