Fortinet has released a patch for a critical zero-day security vulnerability affecting its FortiOS SSL-VPN product. The vulnerability could lead to remote code execution and is being actively exploited.
CVE-2022-42475
CVE-2022-42475 is a heap-based buffer overflow vulnerability in FortiOS that “may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests” and, in general, to gain full control of vulnerable devices.
The flaw affects:
- FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, and 6.2.0 through 6.2.11
- FortiOS-6K7K version 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2.0 through 6.2.11, and 6.0.0 through 6.0.14
According to a security advisory published today by Fortinet, all users should update to the fixed versions listed below.
Fortinet has updated the advisory, confirming that FortiOS 6.0.x and 5.x versions are vulnerable as well. According to McNeill, a FortiOS 6.0.x security fix for this flaw might be in the works.
Fortinet has also confirmed that disabling the SSL-VPN functionality is a possible workaround.
Fixed versions for FortiOS:
- 7.2.3 or above
- 7.0.9 or above
- 6.4.11 or above
- 6.2.12 or above
Fixed versions for FortiOS-6K7K:
- 7.0.8 or above
- 6.4.10 or above
- 6.2.12 or above
- 6.0.15 or above
IOCs
Connections to suspicious IP addresses from the FortiGate:
188.34.130.40:444
103.131.189.143:30080,30081,30443,20443
192.36.119.61:8443,444
172.247.168.153:8033
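
One way to check exported logs for the connections listed above, as an added example that is not part of the original article. It assumes FortiGate-style key=value log lines with `srcip`, `dstip` and `dstport` fields; the sample lines and the 192.0.2.1 device address are constructed.

```python
import re

# IP -> ports, copied from the indicator list above.
IOCS = {
    "188.34.130.40": {444},
    "103.131.189.143": {30080, 30081, 30443, 20443},
    "192.36.119.61": {8443, 444},
    "172.247.168.153": {8033},
}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split a key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def match_iocs(lines, fortigate_ips):
    """Return (confidence, fields) for sessions from the FortiGate to a listed IP.

    "high" = listed IP and listed port; "review" = listed IP, other port.
    """
    hits = []
    for line in lines:
        f = parse_line(line)
        dst = f.get("dstip")
        # The indicator is traffic originating from the device itself.
        if f.get("srcip") not in fortigate_ips or dst not in IOCS:
            continue
        port = f.get("dstport", "")
        level = "high" if port.isdigit() and int(port) in IOCS[dst] else "review"
        hits.append((level, f))
    return hits

# Constructed sample lines (not real logs); 192.0.2.1 stands in for the FortiGate.
SAMPLE = [
    'date=2022-12-12 time=03:14:07 type="traffic" srcip=192.0.2.1 dstip=188.34.130.40 dstport=444 action="accept"',
    'date=2022-12-12 time=03:15:10 type="traffic" srcip=192.0.2.1 dstip=103.131.189.143 dstport=22 action="accept"',
    'date=2022-12-12 time=03:16:00 type="traffic" srcip=10.1.1.25 dstip=192.36.119.61 dstport=8443 action="accept"',
    'date=2022-12-12 time=03:17:42 type="traffic" srcip=192.0.2.1 dstip=198.51.100.7 dstport=443 action="accept"',
]

if __name__ == "__main__":
    for level, f in match_iocs(SAMPLE, {"192.0.2.1"}):
        print(level, f["date"], f["time"], f["dstip"], f["dstport"])
```

Pass every address the FortiGate uses as a source (WAN and management interfaces) in `fortigate_ips`; a "review" hit means the device reached a listed address on a port the list does not mention.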