CVE-2022-42475
Published Jan 2, 2023
Last updated 2 months ago
AI description
CVE-2022-42475 is a heap-based buffer overflow vulnerability that affects the SSL-VPN component of FortiOS and FortiProxy. It exists in FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier, and FortiProxy SSL-VPN versions 7.2.0 through 7.2.1, and 7.0.7 and earlier. This vulnerability allows a remote, unauthenticated attacker to potentially execute arbitrary code or commands on the system by sending specifically crafted requests. Fortinet is aware of instances where this vulnerability has been exploited in the field.
- Description
- A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
- Exploit added on
- Dec 13, 2022
- Exploit action due
- Jan 3, 2023
- Required action
- Apply updates per vendor instructions.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
11
Fortinet VPNs Still at Risk Despite Patching Fortinet warns that attackers are maintaining access to compromised FortiGate VPN devices even after security patches. Exploited vulnerabilities include CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. 🔍 How? Hackers left behind
@ChbibAnas
13 Apr 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Fortinet warns that attackers can maintain read-only access to FortiGate devices via a symbolic link, even after patching vulnerabilities like CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762, affecting SSL-VPN-enabled devices. https://t.co/gMCtKRq5gy
@Cyber_O51NT
13 Apr 2025
614 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
It has been reported that a method was discovered for maintaining read-only access by exploiting Fortigate device vulnerabilities such as CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762 to create a symbolic link connecting the user file system to the root file system. https://t.co/n7FwIJDivV
@ntsuji
12 Apr 2025
2640 Impressions
3 Retweets
12 Likes
6 Bookmarks
2 Replies
0 Quotes
According to Fortinet, attacks exploiting known vulnerabilities (such as CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762) have recently been observed, and cases were found in which a new technique was used to maintain "read-only" access to FortiGate products. However, environments that have not enabled SSL-VPN are not affected. https://t.co/rJ9Vc1KSVE
@t_nihonmatsu
12 Apr 2025
416 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. Full details 👉 https://t.co/AbzC2WPo4r
@TheHackersNews
11 Apr 2025
72569 Impressions
74 Retweets
154 Likes
47 Bookmarks
4 Replies
8 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BB7E21E-A68B-44FC-8F0E-EF5926186F26",
"versionEndIncluding": "5.0.14",
"versionStartIncluding": "5.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F93F9C8-6064-4CED-88DF-3580C517AB51",
"versionEndIncluding": "5.2.15",
"versionStartIncluding": "5.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0507F264-9E8D-4F9D-AB18-0C6CA5BD69F0",
"versionEndIncluding": "5.4.13",
"versionStartIncluding": "5.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC0AFBC1-5C11-412E-9979-AF89DD26EFCD",
"versionEndIncluding": "5.6.14",
"versionStartIncluding": "5.6.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "795298D3-0C06-471C-87E2-2D04AC190EAD",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6785608-14A0-4825-BEC0-899E55A9FDF1",
"versionEndExcluding": "6.2.12",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55E67EF5-6AF0-410A-BDE7-CF745ED97328",
"versionEndExcluding": "6.4.11",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C424900B-9A5E-440C-996B-2CF426F2CAA3",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00E89C95-E9FB-473A-BEB0-FA8E7225AC55",
"versionEndExcluding": "7.2.3",
"versionStartIncluding": "7.2.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22936F53-4480-4011-9211-174D1C507E87",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6BBF05F-4967-4A2E-A8F8-C2086097148B",
"versionEndIncluding": "1.1.6",
"versionStartIncluding": "1.1.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33B84D9A-55E3-4146-A55A-ACB507E61B05",
"versionEndIncluding": "1.2.13",
"versionStartIncluding": "1.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "954674E3-7E54-4D94-80DE-CB73AE0452EA",
"versionEndExcluding": "2.0.12",
"versionStartIncluding": "2.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81E60913-FBE9-467B-AB4B-CA85E97527BA",
"versionEndExcluding": "7.0.8",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5B24750-4A57-4F80-AAE8-8AC316B376C2",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77974073-D92D-4EB8-854F-A6DCCD13C868",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6785608-14A0-4825-BEC0-899E55A9FDF1",
"versionEndExcluding": "6.2.12",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A7730E2-63AD-48F2-AE0A-6C8C9369A734",
"versionEndExcluding": "6.4.10",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE6D1D19-1227-42BE-87A7-E798D60059A5",
"versionEndExcluding": "7.0.8",
"versionStartIncluding": "7.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "689B8A1F-112D-42CE-A29B-692EF00150AD"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "33603726-AB6B-4773-904E-DE103CDCEA70"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DB6056EE-E76C-4064-B252-E0D65A1CBFBB"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43DF83AC-1B86-4C45-B5A3-EF56B65C9BF7"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F7BAD653-D841-4744-AE85-C24FC1F3F6DF"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8ADCB4F1-E237-4525-95C4-2C8EFDD7A109"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BB61396B-D9EF-44DE-B211-E92EF5A52888"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1AD28C00-00CC-433F-BD7B-AC58254E4785"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1A72901A-EA5B-48B0-9D0B-A8CD8903413C"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D56B4C97-9BC9-4FB9-9623-F2897050FE8B"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "50EFCC23-1135-4BC9-B180-E9045030C844"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1E355C55-4CAA-4875-95F6-FCF3D360039F"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ACBFBDDC-1BD8-48AA-85A3-AA727C466C8D"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A56F4F2D-BE9B-458C-B906-017D14DEABBA"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DEADC8C2-1DB4-4CB9-A014-7EF279C03C08"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A6BBD9D7-5F9B-4438-91F9-EB496C8186C5"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "187AAEF7-3FBF-488C-9935-2FA15D131228"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D9294854-FC23-4682-A695-325CA3347F37"
},
{
"criteria": "cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CAFABB00-194B-41E4-940C-A5CF3A9CECEB"
},
{
"criteria": "cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B2CC0365-4336-4700-9A29-1AEA0CA781AF"
},
{
"criteria": "cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D7E4F7F8-50E4-4774-B1E7-13DC1A289104"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]