CVE-2022-42475 - Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Vulnerability Name

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Description

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-22-398

https://nvd.nist.gov/vuln/detail/CVE-2022-42475

Related News Articles

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink ExploitApril 12, 2025

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devicesApril 12, 2025

Fortinet: Hackers retain access to patched FortiGate VPNs using symlinksApril 12, 2025

Fortinet warns of new critical FortiManager flaw used in zero-day attacksOctober 23, 2024

CISA says critical Fortinet RCE flaw now exploited in attacksOctober 10, 2024