CVE-2022-42475 - FortiOS - heap-based buffer overflow in sslvpnd

2 years ago
December 13, 2022
4 comments
129 views

+7

dips
Veeam Legend
808 comments

For those folks who run Fortinet Devices:

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

The vulnerability has already been exploited in the wild.

CVSSv3 score is 9.3 with a rating of Critical so patch as soon as possible.

More info: PSIRT Advisories | FortiGuard

+13

marcofabbri
On the path to Greatness
990 comments
2 years ago
December 13, 2022

This is one of a hell vuln. No good at allo.

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it

+21

Chris.Childerhose
Veeam Legend, Veeam Vanguard
8506 comments
2 years ago
December 13, 2022

Read about this yesterday hopefully everyone gets patched.

+7

victorwu
Veeam Vanguard
375 comments
2 years ago
December 13, 2022

@dips Thank you for your information.

Victor Wu

+8

marco_s
Influencer
369 comments
2 years ago
January 5, 2023

This is a late post..but, if you cannot upgrade for some reason, you can disable 'ssl.< vdom >' interface on the device or you can disable ssl vpn # sh full-configuration vpn ssl settings | grep status # set status enable <--- change to disable (from Fortinet Support)

Marco Sorrentino - Italy | System Engineer | VMCE & VMCA

Comment

Rich Text Editor, editor1

Comment

Related topics

V15, new head, battery life halvedicon

New V15 battery rundown count time?icon

Annoyed new V15 owner

New Dyson V15 charging status stuck at 70%icon

Brand new V15 won't charge at allicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded