Vulnerabilities > CVE-2022-42475 - Out-of-bounds Write vulnerability in Fortinet Fortios
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day (source)
- FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations (source)
- New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (source)
- Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware (source)
- Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability (source)
- Fortinet: New FortiOS bug used as zero-day to attack govt networks (source)
- Iranian hackers breach US aviation org via Zoho, Fortinet bugs (source)
- CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities (source)
- Iranian hackers breach US aviation org via ManageEngine, Fortinet bugs (source)
- Chinese Coathanger malware hung out to dry by Dutch defense department (source)
- Chinese hackers infect Dutch military network with malware (source)