Very High
CVE-2022-42475
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Very High
(1 user assessed)
Moderate
(1 user assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Add Assessment
Ratings
-
Attacker ValueVery High
-
ExploitabilityMedium
Technical Analysis
Heap-based buffer overflow in the sslvpnd component of Fortinet SSL VPNs. Fortinet disclosed publicly on December 12 with a note that it had been exploited in the wild, evidently after putting out a private warning to customers the week prior. Since then, there’s been community discussion about whether this was exploited as 0day or not, as the vendor evidently silently patched the vuln roughly two weeks before public disclosure (giving attackers plenty of time to reverse the patch before many customers were aware there was a problem).
Heap-based BOF probably isn’t quite as easily exploitable as, say, a stack-based cousin. Even if this wasn’t true 0day, my bets are on an advanced and/or state-sponsored threat actor being the culprit for initial exploitation. Not sure we’ll see mass exploitation right away, or even at all…unless of course someone figures out where the bug lives and develops a public exploit, in which case, the exploitability rating on this will ratchet up. The attacker value of compromising a Fortinet device is high enough to motivate folks.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
Vendors
- Fortinet
Products
- FortiProxy,
- FortiOS
Exploited in the Wild
- Vendor Advisory (https://www.fortiguard.com/psirt/FG-IR-22-398)
- News Article or Blog (https://securityaffairs.com/140721/hacking/fortinet-ssl-vpn-cve-2022-42475-attacks.html)
Would you like to delete this Exploited in the Wild Report?
Yes, delete this reportWould you like to delete this Exploited in the Wild Report?
Yes, delete this report
Would you like to delete this Exploited in the Wild Report?
Yes, delete this report
Would you like to delete this Exploited in the Wild Report?
Yes, delete this reportReferences
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
A very nice and detailed analysis of a POC that exploits this vulnerability => A More Complete Exploit for Fortinet CVE-2022-42475
and another reference to a POC => Producing a POC for CVE-2022-42475 (Fortinet RCE)