CVE-2022-42475: Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Post Syndicated from Glenn Thorpe original https://blog.rapid7.com/2022/12/12/cve-2022-42475-unauthenticated-remote-code-execution-vulnerability-in-fortios-exploitation-reported/

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too.

Today, December 12, 2022, FortiGuard Labs published advisory FG-IR-22-398 regarding a “heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN [which] may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.”

FortiGuard Labs has confirmed at least one instance of the vulnerability being exploited in the wild, and its advisory includes the current indicators of compromise (IOCs) that FortiOS administrators can use to review the integrity of currently vulnerable systems.

Vulnerabilities of this nature, and on this type of system, have proven to be of high value to attackers. We strongly advise that organizations upgrade to an unaffected version of FortiOS on an emergency basis and follow FortiGuard’s advice to review existing systems for signs of compromise.

Affected products

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

Solutions

  • Please upgrade to FortiOS version 7.2.3 or above
  • Please upgrade to FortiOS version 7.0.9 or above
  • Please upgrade to FortiOS version 6.4.11 or above
  • Please upgrade to FortiOS version 6.2.12 or above
  • Please upgrade to FortiOS-6K7K version 7.0.8 or above
  • Please upgrade to FortiOS-6K7K version 6.4.10 or above
  • Please upgrade to FortiOS-6K7K version 6.2.12 or above
  • Please upgrade to FortiOS-6K7K version 6.0.15 or above
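To turn the two lists above into an inventory check, here is an added example (not code from the Rapid7 post or from Fortinet) that parses FortiOS version strings, maps each device to its release branch, and reports whether the version falls in an affected range or at or above the fixed release; the CSV inventory lines are constructed for illustration, and a branch the advisory does not name is reported as "unlisted" rather than assumed safe.

```python
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Ranges transcribed from the advisory text in this post:
# (major, minor) branch -> (first affected, last affected, first fixed)
AFFECTED = {
    "FortiOS": {
        (7, 2): ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        (7, 0): ((7, 0, 0), (7, 0, 8), (7, 0, 9)),
        (6, 4): ((6, 4, 0), (6, 4, 10), (6, 4, 11)),
        (6, 2): ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    },
    "FortiOS-6K7K": {
        (7, 0): ((7, 0, 0), (7, 0, 7), (7, 0, 8)),
        (6, 4): ((6, 4, 0), (6, 4, 9), (6, 4, 10)),
        (6, 2): ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
        (6, 0): ((6, 0, 0), (6, 0, 14), (6, 0, 15)),
    },
}

def parse_version(text: str) -> Version:
    """Accept '7.0.8', 'v7.0.8' or 'v7.0.8,build0418' and return (major, minor, patch)."""
    core = text.strip().lstrip("vV").split(",")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)

def assess(product: str, version_text: str) -> str:
    """Return 'affected', 'fixed' or 'unlisted' for one device against the advisory ranges."""
    v = parse_version(version_text)
    branches = AFFECTED.get(product)
    if branches is None:
        raise ValueError(f"unknown product family: {product!r}")
    rng = branches.get((v[0], v[1]))
    if rng is None:
        return "unlisted"  # branch not named in the advisory; consult vendor guidance
    first, last, fixed = rng
    if first <= v <= last:
        return "affected"
    return "fixed" if v >= fixed else "unlisted"

# Constructed inventory: hostname,product,version (not real devices)
INVENTORY = """fw-edge-01,FortiOS,v7.0.8,build0418
fw-edge-02,FortiOS,v7.2.3,build1262
fw-dc-01,FortiOS-6K7K,v6.4.9
fw-lab-01,FortiOS,v6.0.12"""

def triage(inventory: str) -> Dict[str, str]:
    """Map each hostname in the inventory to its assessment."""
    results: Dict[str, str] = {}
    for line in inventory.splitlines():
        if line.strip():
            host, product, version = line.split(",", 2)
            results[host] = assess(product, version)
    return results
```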

Rapid7 customers

Vulnerability checks for CVE-2022-42475 are under development and will be available to InsightVM and Nexpose customers in an upcoming content release.