CVE-2022-42475
Published Jan 2, 2023
Last updated 2 months ago
AI description
CVE-2022-42475 is a heap-based buffer overflow vulnerability that affects the SSL-VPN component of FortiOS and FortiProxy. It exists in FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier, and FortiProxy SSL-VPN versions 7.2.0 through 7.2.1, and 7.0.7 and earlier. This vulnerability allows a remote, unauthenticated attacker to potentially execute arbitrary code or commands on the system by sending specifically crafted requests. Fortinet is aware of instances where this vulnerability has been exploited in the field.
- Description
- A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
- Exploit added on
- Dec 13, 2022
- Exploit action due
- Jan 3, 2023
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. https://t.co/gqXSmXNMa4
@achi_tech
19 Apr 2025
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities: Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate prod ...
@AnnieDo52640257
15 Apr 2025
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinetのゼロデイ脆弱性、任意のコード実行につながる可能性あり(CVE-2022-42475、CVE-2023-27997、CVE-2024-21762) https://t.co/s2zvEqFPp0 #Security #セキュリティ #ニュース
@SecureShield_
15 Apr 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Compromise and persistent access of Fortinet FortiOS products (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) https://t.co/RvWSwRITk1 https://t.co/yl2K6pPyT2
@djhsecurity
14 Apr 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet VPNs Still at Risk Despite Patching Fortinet warns that attackers are maintaining access to compromised FortiGate VPN devices even after security patches. Exploited vulnerabilities include CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. 🔍 How? Hackers left behind
@ChbibAnas
13 Apr 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Fortinet warns that attackers can maintain read-only access to FortiGate devices via a symbolic link, even after patching vulnerabilities like CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762, affecting SSL-VPN-enabled devices. https://t.co/gMCtKRq5gy
@Cyber_O51NT
13 Apr 2025
717 Impressions
2 Retweets
4 Likes
2 Bookmarks
1 Reply
0 Quotes
Fortigateデバイスの脆弱性CVE-2022-42475、CVE-2023-27997、CVE-2024-21762などを悪用しユーザーファイルシステムとルートファイルシステムを接続するシンボリックリンクを作成することで読み取り専用アクセスを維持する方法が発見されたとのこと。 https://t.co/n7FwIJDivV
@ntsuji
12 Apr 2025
2640 Impressions
3 Retweets
12 Likes
6 Bookmarks
2 Replies
0 Quotes
Fortinetによれば、最近、既知の脆弱性(CVE-2022-42475、CVE-2023-27997、CVE-2024-21762など)を悪用した攻撃が確認され、新しい手法でFortiGate製品に対して”read-only”のアクセスを維持する事例が発見されました。 ただし、SSL-VPNを有効化していない環境は影響を受けません。 https://t.co/rJ9Vc1KSVE
@t_nihonmatsu
12 Apr 2025
416 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. Full details 👉 https://t.co/AbzC2WPo4r
@TheHackersNews
11 Apr 2025
72569 Impressions
74 Retweets
154 Likes
47 Bookmarks
4 Replies
8 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BB7E21E-A68B-44FC-8F0E-EF5926186F26",
"versionEndIncluding": "5.0.14",
"versionStartIncluding": "5.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F93F9C8-6064-4CED-88DF-3580C517AB51",
"versionEndIncluding": "5.2.15",
"versionStartIncluding": "5.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0507F264-9E8D-4F9D-AB18-0C6CA5BD69F0",
"versionEndIncluding": "5.4.13",
"versionStartIncluding": "5.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC0AFBC1-5C11-412E-9979-AF89DD26EFCD",
"versionEndIncluding": "5.6.14",
"versionStartIncluding": "5.6.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "795298D3-0C06-471C-87E2-2D04AC190EAD",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6785608-14A0-4825-BEC0-899E55A9FDF1",
"versionEndExcluding": "6.2.12",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55E67EF5-6AF0-410A-BDE7-CF745ED97328",
"versionEndExcluding": "6.4.11",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C424900B-9A5E-440C-996B-2CF426F2CAA3",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00E89C95-E9FB-473A-BEB0-FA8E7225AC55",
"versionEndExcluding": "7.2.3",
"versionStartIncluding": "7.2.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22936F53-4480-4011-9211-174D1C507E87",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6BBF05F-4967-4A2E-A8F8-C2086097148B",
"versionEndIncluding": "1.1.6",
"versionStartIncluding": "1.1.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33B84D9A-55E3-4146-A55A-ACB507E61B05",
"versionEndIncluding": "1.2.13",
"versionStartIncluding": "1.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "954674E3-7E54-4D94-80DE-CB73AE0452EA",
"versionEndExcluding": "2.0.12",
"versionStartIncluding": "2.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81E60913-FBE9-467B-AB4B-CA85E97527BA",
"versionEndExcluding": "7.0.8",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5B24750-4A57-4F80-AAE8-8AC316B376C2",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77974073-D92D-4EB8-854F-A6DCCD13C868",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6785608-14A0-4825-BEC0-899E55A9FDF1",
"versionEndExcluding": "6.2.12",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A7730E2-63AD-48F2-AE0A-6C8C9369A734",
"versionEndExcluding": "6.4.10",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE6D1D19-1227-42BE-87A7-E798D60059A5",
"versionEndExcluding": "7.0.8",
"versionStartIncluding": "7.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "689B8A1F-112D-42CE-A29B-692EF00150AD"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "33603726-AB6B-4773-904E-DE103CDCEA70"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DB6056EE-E76C-4064-B252-E0D65A1CBFBB"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43DF83AC-1B86-4C45-B5A3-EF56B65C9BF7"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F7BAD653-D841-4744-AE85-C24FC1F3F6DF"
},
{
"criteria": "cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8ADCB4F1-E237-4525-95C4-2C8EFDD7A109"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BB61396B-D9EF-44DE-B211-E92EF5A52888"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1AD28C00-00CC-433F-BD7B-AC58254E4785"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1A72901A-EA5B-48B0-9D0B-A8CD8903413C"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D56B4C97-9BC9-4FB9-9623-F2897050FE8B"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "50EFCC23-1135-4BC9-B180-E9045030C844"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1E355C55-4CAA-4875-95F6-FCF3D360039F"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ACBFBDDC-1BD8-48AA-85A3-AA727C466C8D"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A56F4F2D-BE9B-458C-B906-017D14DEABBA"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DEADC8C2-1DB4-4CB9-A014-7EF279C03C08"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A6BBD9D7-5F9B-4438-91F9-EB496C8186C5"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "187AAEF7-3FBF-488C-9935-2FA15D131228"
},
{
"criteria": "cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D9294854-FC23-4682-A695-325CA3347F37"
},
{
"criteria": "cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CAFABB00-194B-41E4-940C-A5CF3A9CECEB"
},
{
"criteria": "cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B2CC0365-4336-4700-9A29-1AEA0CA781AF"
},
{
"criteria": "cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D7E4F7F8-50E4-4774-B1E7-13DC1A289104"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]