CVE-2022-42475 - Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Project: Fortinet

Product: FortiOS

Date Added: 2022-12-13

Due Date: 2023-01-03

Vulnerability Name

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Description

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.fortiguard.com/psirt/FG-IR-22-398

https://nvd.nist.gov/vuln/detail/CVE-2022-42475

Related News Articles

Fortinet warns of new critical FortiManager flaw used in zero-day attacks - October 23, 2024

CISA says critical Fortinet RCE flaw now exploited in attacks - October 10, 2024

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub - September 10, 2024

NoName ransomware gang deploying RansomHub malware in recent attacks - September 10, 2024

UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying - June 19, 2024