CVE-2022-42475
Vexday Risk Score
100 (Fix now)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 9.3 | EPSS 99.5% | KEV: yes | PoC: public | Nuclei: — | Metasploit: — | Patch: —
Lifecycle
13 Dec 2022: Active exploitation (CISA KEV)
02 Jan 2023: Published on NVD
17 Jan 2023: Public PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A critical flaw in FortiOS and FortiProxy SSL-VPN allows remote attackers to crash the system or run malicious code without needing to log in. This happens because the software doesn't properly check the size of data it receives, letting attackers send specially crafted requests that overflow memory.
Technical detail
A heap-based buffer overflow in FortiOS and FortiProxy SSL-VPN (multiple versions) enables unauthenticated remote code execution via malformed SSL-VPN requests. The vulnerability stems from insufficient bounds checking on input data, allowing an attacker to overwrite heap memory and achieve arbitrary code execution without authentication.
Summary generated and translated by AI from the official description.
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
Public PoCs found: 8
github.com/scrt/cve-2022-42475 (★ 109)
github.com/0xhaggis/CVE-2022-42475 (★ 34)
github.com/P4x1s/CVE-2022-42475-RCE-POC (★ 8)
github.com/Amir-hy/cve-2022-42475 (★ 7)
github.com/bryanster/ioc-cve-2022-42475 (★ 1)
github.com/Mustafa1986/cve-2022-42475-Fortinet (★ 1)
github.com/natceil/cve-2022-42475 (★ 0)
github.com/ArthurHendrich/CVE-2022-42475-POC (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.