CVE-2022-42475 - Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

CVE-2022-42475: Fortinet | FortiOS

Date Added:
2022-12-13

Due Date:
2023-01-03

Vulnerability Name: Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Description: Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions.

Additional Notes: https://www.fortiguard.com/psirt/FG-IR-22-398; https://nvd.nist.gov/vuln/detail/CVE-2022-42475

Related News Articles

Fortinet warns of new critical FortiManager flaw used in zero-day attacksOctober 23, 2024

CISA says critical Fortinet RCE flaw now exploited in attacksOctober 10, 2024

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHubSeptember 10, 2024

NoName ransomware gang deploying RansomHub malware in recent attacksSeptember 10, 2024

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term SpyingJune 19, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard