Issued: Tuesday, 13 December, 2022
Last Revision: Tuesday, 13 December, 2022
Vendor: Fortinet
Product: FortiOS (SSL-VPN)
Severity Level:
A heap-based buffer overflow vulnerability [CWE-122] in the FortiOS SSL-VPN component (CVE-2022-42475) may allow a remote, unauthenticated attacker to execute arbitrary code or commands on the device by sending specifically crafted requests to the SSL-VPN service. Fortinet reports that this vulnerability is being exploited in the wild, so Internet-facing SSL-VPN portals on affected builds should be treated as exposed until patched.
| CVE/Vulnerability | Description | CVSS 3.1 Score | Exploitable |
| --- | --- | --- | --- |
| CVE-2022-42475 | Heap-based buffer overflow in FortiOS SSL-VPN (CWE-122), remote unauthenticated code execution | 9.3 | Yes |
| CVE-2022-40684 | Separate issue listed alongside in the original advisory: authentication bypass on the FortiOS administrative interface, not a heap overflow; it has its own affected-version list and score that this page does not state | not given | Yes |
Table 1: Vulnerability details
| Update Type | Product(s) Detail |
| --- | --- |
| Security Updates | FortiOS version 7.2.0 through 7.2.2 |
| Security Updates | FortiOS version 7.0.0 through 7.0.8 |
| Security Updates | FortiOS version 6.4.0 through 6.4.10 |
| Security Updates | FortiOS version 6.2.0 through 6.2.11 |
| Security Updates | FortiOS-6K7K version 7.0.0 through 7.0.7 |
| Security Updates | FortiOS-6K7K version 6.4.0 through 6.4.9 |
| Security Updates | FortiOS-6K7K version 6.2.0 through 6.2.11 |
| Security Updates | FortiOS-6K7K version 6.0.0 through 6.0.14 |
Table 2: Vulnerable versions (inclusive ranges for CVE-2022-42475)
All entities running a FortiOS or FortiOS-6K7K build inside the ranges in Table 2 should upgrade to the first fixed release of their branch as published by Fortinet. Because the vulnerability is already exploited in the wild, upgrading alone is not sufficient: devices that were exposed while vulnerable should also be reviewed for signs of compromise using the indicators Fortinet publishes for this issue.
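A quick way to triage a fleet against Table 2 is to take the version string from each unit's `get system status` output and test it against the inclusive ranges above. The script below is an added example written for this page, not Fortinet tooling; the `VULNERABLE_RANGES` table is transcribed from Table 2 as printed here (later vendor revisions may add branches, so refresh it from the current Fortinet advisory), and the `get system status` sample is a constructed excerpt. A result of `False` only means "not in a listed range", not "safe": a branch absent from the table (for example a newer major release) returns `False` and must be checked against the vendor advisory separately.

```python
"""Triage FortiOS builds against the vulnerable-version ranges in Table 2."""
import re

# Inclusive (first, last) ranges transcribed from Table 2 of this advisory,
# keyed by product line. Update from the vendor advisory if it is revised.
VULNERABLE_RANGES = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2)),
        ((7, 0, 0), (7, 0, 8)),
        ((6, 4, 0), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11)),
    ],
    "FortiOS-6K7K": [
        ((7, 0, 0), (7, 0, 7)),
        ((6, 4, 0), (6, 4, 9)),
        ((6, 2, 0), (6, 2, 11)),
        ((6, 0, 0), (6, 0, 14)),
    ],
}

# Matches "7.0.8", "v7.0.8" and "v7.0.8,build0418" (trailing build info ignored).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn a FortiOS version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(product, version):
    """True if version (a tuple) falls inside any listed range for the product.

    False means 'not in a listed range', which is not the same as 'fixed':
    branches the table does not mention also come back False.
    """
    if product not in VULNERABLE_RANGES:
        raise ValueError(f"unknown product line: {product!r}")
    return any(first <= version <= last for first, last in VULNERABLE_RANGES[product])


def check_system_status(output, product="FortiOS"):
    """Extract the version from 'get system status' text and classify it.

    Returns (product, version_tuple, vulnerable). The caller supplies the
    product line, since the Version line names the hardware model rather than
    distinguishing FortiOS from FortiOS-6K7K.
    """
    for line in output.splitlines():
        if line.strip().startswith("Version:"):
            # Version line looks like "Version: FortiGate-100F v7.0.8,build0418,221124 (GA)"
            m = re.search(r"\bv?(\d+\.\d+\.\d+)", line.split(":", 1)[1])
            if m:
                version = parse_version(m.group(1))
                return product, version, is_vulnerable(product, version)
    raise ValueError("no Version: line found in get system status output")


# Constructed sample of the relevant line from 'get system status'; real output
# contains many more fields and the model name will differ.
SAMPLE_STATUS = """\
Version: FortiGate-100F v7.0.8,build0418,221124 (GA)
Virus-DB: 91.00001(2022-12-13 06:01)
Serial-Number: FG100FTKXXXXXXXX
"""

if __name__ == "__main__":
    product, version, vuln = check_system_status(SAMPLE_STATUS)
    print(f"{product} {'.'.join(map(str, version))}: vulnerable={vuln}")
```

Run it against the `Version:` line of each device's `get system status` output; for FortiGate 6000/7000 series units pass `product="FortiOS-6K7K"` so the narrower 6K7K ranges are used, otherwise a 6K7K unit on 7.0.8 would be wrongly flagged as affected by the standard-FortiOS table.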
