CVE-2022-42475: Severe Zero-Day in FortiOS SSL-VPN

CVE-2022-42475 is a newly reported, highly severe zero-day vulnerability in FortiOS that could lead to remote code execution. The vulnerability has been exploited in the wild, and affected organizations should apply the patch immediately.

CVE-2022-42475: What Is Known So Far?

The vulnerability has been described as a heap-based buffer overflow in FortiOS SSL-VPN that may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests, according to the FortiGuard Labs (Fortinet) advisory.

Since the company is aware of an instance in which the vulnerability was exploited, it advises customers to validate their systems against a list of specific indicators of compromise.

What Products Does CVE-2022-42475 Affect?

The list of affected products includes the following devices and versions:

FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
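As an added example (not from the article or from Fortinet), the following Python check tells whether a FortiOS version string falls inside one of the affected ranges listed above. The status line it parses is a constructed sample, and because the article lists no fixed versions, anything outside the ranges is reported only as "not in the listed ranges".

```python
# Added example: match a FortiOS version against the affected ranges listed in the
# article above. Ranges are inclusive and copied verbatim from the advisory list;
# no fixed versions are encoded because the article does not state them.
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (product family, first affected, last affected), as listed on the page
AFFECTED = [
    ("FortiOS",      (7, 2, 0), (7, 2, 2)),
    ("FortiOS",      (7, 0, 0), (7, 0, 8)),
    ("FortiOS",      (6, 4, 0), (6, 4, 10)),
    ("FortiOS",      (6, 2, 0), (6, 2, 11)),
    ("FortiOS-6K7K", (7, 0, 0), (7, 0, 7)),
    ("FortiOS-6K7K", (6, 4, 0), (6, 4, 9)),
    ("FortiOS-6K7K", (6, 2, 0), (6, 2, 11)),
    ("FortiOS-6K7K", (6, 0, 0), (6, 0, 14)),
]

# Accepts a bare "7.2.1" as well as the "v7.2.1,build1254,..." form that a
# FortiGate's 'get system status' output uses for its Version line.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text: str) -> Optional[Version]:
    """Return (major, minor, patch) from the first dotted triple in text, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)

def is_affected(text: str, family: str = "FortiOS") -> Optional[bool]:
    """True if the parsed version lies in an affected range for the given product
    family (tuple comparison is lexicographic, so ranges are inclusive on the
    patch level), False if it is in none of the listed ranges, None if unparsable."""
    ver = parse_version(text)
    if ver is None:
        return None
    return any(lo <= ver <= hi for fam, lo, hi in AFFECTED if fam == family)

if __name__ == "__main__":
    # Constructed sample inputs, not output from a real device
    samples = ["Version: FortiGate-60F v7.2.1,build1254,221109 (GA.F)", "6.4.11", "7.0.8"]
    for s in samples:
        print(f"{s!r}: FortiOS={is_affected(s)} FortiOS-6K7K={is_affected(s, 'FortiOS-6K7K')}")
```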

Fortinet SSL-VPN Devices Have Been Targeted for Years

As pointed out by Tenable researchers, threat actors have been exploiting vulnerabilities in Fortinet SSL-VPN devices for several years. As a result, in 2021, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency issued a specialized advisory.

The advisory pointed out that advanced persistent threat (APT) actors have been exploiting these flaws to gain access to networks across multiple critical infrastructure sectors. The purpose of the attacks was data exfiltration and data encryption. As for the point of entry, the experts said that spear phishing emails were likely used to gain initial access.

In September 2021, a threat actor disclosed SSL-VPN access information for 87,000 FortiGate SSL-VPN devices. The credentials were taken from systems that remained unpatched against a specific vulnerability, CVE-2018-13379, which was revealed in May 2019. Back then, the company issued an advisory and communicated directly with its customers, encouraging them to upgrade the affected devices. However, as it turned out, many devices were left unpatched and hence vulnerable to attacks and exploits. That is why recommendations to patch immediately should be strictly followed.

Milena Dimitrova
