CVE-2022-42475 - Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

CVE-2022-42475: Fortinet | FortiOS

Date Added:
2022-12-13

Due Date:
2023-01-03

Vulnerability Name: Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Description: Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions.

Additional Notes: https://www.fortiguard.com/psirt/FG-IR-22-398; https://nvd.nist.gov/vuln/detail/CVE-2022-42475