FortiOS SSL-VPN Buffer Overflow Vulnerability
CVE-2022-42475

9.8CRITICAL

Key Information:

Vendor
Fortinet
Status
Fortiproxy
FortiOS
Vendor
CVE Published:
2 January 2023

Badges

πŸ”₯ Trending nowπŸ“ˆ TrendedπŸ“ˆ Score: 7,700πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 93%πŸ¦… CISA Reported

What is CVE-2022-42475?

CVE-2022-42475 is a critical vulnerability found in FortiOS, the operating system used by Fortinet for their network security products, particularly in its SSL-VPN feature. This vulnerability arises from a heap-based buffer overflow, which allows attackers to send specially crafted requests that could lead to arbitrary code execution. The impact of this vulnerability is significant, as it could allow unauthorized individuals to take control of affected systems, compromising sensitive data and potentially leading to extensive disruptions in organizational operations.

Technical Details

CVE-2022-42475 affects multiple versions of FortiOS SSL-VPN ranging from 6.0.15 and earlier to 7.2.2. The vulnerability occurs during the handling of requests, where the mishandling of buffer allocations allows for overflow, giving an attacker the opportunity to execute malicious code remotely without authentication. Additionally, FortiProxy SSL-VPN versions 7.0.7 and earlier show similar vulnerabilities, highlighting several systems at risk within the Fortinet ecosystem.

Potential Impact of CVE-2022-42475

  1. Remote Code Execution: The most severe impact is the ability for an unauthenticated remote attacker to execute arbitrary code on the vulnerable system, which could facilitate complete system control.

  2. Data Breach Risk: Exploitation of this vulnerability may lead to unauthorized access to sensitive organizational data, which could result in data theft or exposure of critical information.

  3. Operational Disruption: Should the vulnerability be exploited, it could cause significant operational disruptions, affecting the availability of services and potentially leading to costly downtime and recovery efforts for affected organizations.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

FortiOS 7.2.0 <= 7.2.2

FortiOS 7.0.0 <= 7.0.8

FortiOS 6.4.0 <= 6.4.10

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2022-42475
Created by scrt

CVE-2022-42475
Created by 0xhaggis

CVE-2022-42475-RCE-POC
Created by CKevens

References

https://fortiguard.com/psirt/FG-IR-22-398

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • 🟑

    Public PoC available

  • Vulnerability published

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability Reserved

.