Severity Rating: CRITICAL
Software Affected
FortiOS versions prior to 7.2.3
FortiOS versions prior to 7.0.9
FortiOS versions prior to 6.4.11
FortiOS versions prior to 6.2.12
FortiOS-6K7K versions prior to 7.0.8
FortiOS-6K7K versions prior to 6.4.10
FortiOS-6K7K versions prior to 6.2.12
FortiOS-6K7K versions prior to 6.0.15
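The version list above is what a practitioner needs to turn into a fleet check. The following script is an added example, not part of the CERT-In advisory or of any Fortinet tooling: it encodes the list as "first fixed build per release branch" and classifies a constructed inventory of firewalls. It assumes version strings either as bare "7.0.8" or in the form of a FortiOS "get system status" banner such as "v7.0.8,build0418" (the banner format and all hostnames are assumptions). A build on a branch the list does not mention (for example FortiOS 6.0.x) is reported as "unlisted" rather than "fixed", because this page does not say whether that branch is safe and the vendor advisory must be consulted.

```python
"""Version triage for CVE-2022-42475 (FortiOS SSL-VPN heap-based buffer overflow).

Added example: encodes the affected-version list from this advisory
(a build is affected if it is older than the first fixed build on its
release branch) and classifies an inventory of firewalls.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed build per release branch, from the "versions prior to X"
# list in the advisory: X is the first build that is NOT affected.
FIXED_VERSIONS: Dict[str, Dict[Tuple[int, int], Version]] = {
    "FortiOS": {
        (7, 2): (7, 2, 3),
        (7, 0): (7, 0, 9),
        (6, 4): (6, 4, 11),
        (6, 2): (6, 2, 12),
    },
    "FortiOS-6K7K": {
        (7, 0): (7, 0, 8),
        (6, 4): (6, 4, 10),
        (6, 2): (6, 2, 12),
        (6, 0): (6, 0, 15),
    },
}

# Matches the first major.minor.patch triplet in the input.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch from a bare version ("7.0.8") or from a
    full 'get system status' banner line (assumed format, e.g.
    "Version: FortiGate-100F v7.0.8,build0418,221031 (GA.F)")."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no FortiOS version found in {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(product: str, version_text: str) -> Optional[bool]:
    """True if the build is older than the fix for its branch, False if it
    is at or above the fix, None if the branch is not in the advisory's
    list (e.g. FortiOS 6.0.x): such builds must be checked against the
    vendor advisory, not assumed safe."""
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product {product!r}")
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS[product].get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each hostname to 'affected', 'fixed' or 'unlisted'.
    Inventory rows are (hostname, product, version string)."""
    report: Dict[str, str] = {}
    for host, product, version_text in inventory:
        status = is_affected(product, version_text)
        if status is None:
            report[host] = "unlisted"
        else:
            report[host] = "affected" if status else "fixed"
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "Version: FortiGate-100F v7.0.8,build0418,221031 (GA.F)"),
    ("fw-edge-02", "FortiOS", "v7.2.3"),
    ("fw-dc-01", "FortiOS-6K7K", "v6.0.14"),
    ("fw-lab-01", "FortiOS", "v6.0.15"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The comparison is per branch on purpose: a 7.0.8 build is affected even though 7.0.8 is numerically above the fixed 6.4.11, because the fix for the 7.0 branch is 7.0.9. Feed the script the banner line from each device rather than a hand-typed version so that build numbers are not mis-transcribed, and treat every "unlisted" result as a manual check against the vendor advisory.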
Overview
A vulnerability has been reported in FortiOS which could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.
Description
This vulnerability exists in FortiOS due to a boundary error (a heap-based buffer overflow) in the SSL-VPN component. An attacker could exploit it by sending specially crafted requests to the SSL-VPN interface, without any prior authentication.
Successful exploitation could allow an unauthenticated remote attacker to trigger the heap-based buffer overflow and execute arbitrary code on the target system.
Note: This vulnerability is being exploited in the wild.
Solution
Upgrade to the fixed versions listed in the vendor advisory (FortiOS 7.2.3, 7.0.9, 6.4.11 or 6.2.12; FortiOS-6K7K 7.0.8, 6.4.10, 6.2.12 or 6.0.15, or later). Because this vulnerability is being exploited in the wild, the upgrade should be treated as urgent; where it cannot be applied immediately, the vendor advisory's workaround is to disable SSL-VPN until the device is patched.
Vendor Information
Fortiguard
References
Fortiguard
CVE Name
CVE-2022-42475
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.