CVE-2022-42475 — CRITICAL (9.8)

Q: How severe is CVE-2022-42475?

CVE-2022-42475 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-42475?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios, Fortinet Fortiproxy, Fortinet Fim-7901E, Fortinet Fim-7904E, Fortinet Fim-7910E.

Vulnerability Description

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fortinet	Fortios	>= 5.0.0, <= 5.0.14
Fortinet	Fortiproxy	>= 1.0.0, <= 1.0.7
Fortinet	Fim-7901E	-
Fortinet	Fim-7904E	-
Fortinet	Fim-7910E	-
Fortinet	Fim-7920E	-
Fortinet	Fim-7921F	-
Fortinet	Fim-7941F	-
Fortinet	Fortigate-6300F	-
Fortinet	Fortigate-6300F-Dc	-
Fortinet	Fortigate-6500F	-
Fortinet	Fortigate-6500F-Dc	-
Fortinet	Fortigate-6501F	-
Fortinet	Fortigate-6501F-Dc	-
Fortinet	Fortigate-6601F	-
Fortinet	Fortigate-6601F-Dc	-
Fortinet	Fortigate-7030E	-
Fortinet	Fortigate-7040E	-
Fortinet	Fortigate-7060E	-
Fortinet	Fortigate-7121F	-

Related Weaknesses (CWE)

CWE-787 CWE-197

References

https://fortiguard.com/psirt/FG-IR-22-398ExploitMitigationVendor Advisory
https://fortiguard.com/psirt/FG-IR-22-398ExploitMitigationVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-US Government Resource

FAQ

What is CVE-2022-42475?

CVE-2022-42475 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN...

How severe is CVE-2022-42475?

CVE-2022-42475 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-42475?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios, Fortinet Fortiproxy, Fortinet Fim-7901E, Fortinet Fim-7904E, Fortinet Fim-7910E.