Heap Overflow in FortiOS 6.0 through 7.2 and FortiProxy SSL-VPN (CVE-2022-42475)
CVE-2022-42475 Published on January 2, 2023
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Known Exploited Vulnerability
This Fortinet FortiOS heap-based buffer overflow vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability that can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
The following remediation steps were required by January 3, 2023: apply updates per vendor instructions (Fortinet PSIRT advisory FG-IR-22-398). The fixed releases are FortiOS 7.2.3, 7.0.9, 6.4.11, 6.2.12 and 6.0.16, and FortiProxy 7.2.2 and 7.0.8; where patching must wait, the vendor workaround is to disable SSL-VPN. Because exploitation was observed before the fix shipped, patching alone is not sufficient: check the system log for the sslvpnd crash entries the advisory lists as indicators of compromise (Logdesc="Application crashed" with a msg naming application:sslvpnd and "Signal 11 received"), and treat any such entry as grounds for an incident investigation rather than a routine upgrade.
Vulnerability Analysis
CVE-2022-42475 is exploitable with network access alone: it requires no privileges and no user interaction, and its attack complexity is rated low. It is known to be actively exploited by threat actors, and exploitation is automatable. The impact is rated critical because a successful exploit has a high impact on the confidentiality, integrity and availability of the affected component: it yields pre-authentication code execution in the SSL-VPN service, which is by design exposed to the internet.
Weakness Type
Numeric Truncation Error (CWE-197). Two classifications are in play for this CVE: Fortinet's advisory classifies the flaw by its effect, a heap-based buffer overflow (CWE-122, as quoted in the description above), while NVD records the root cause as CWE-197. The two are not in conflict; the usual way they connect is that a length value truncated to a narrower integer type is used to size a heap buffer, and a subsequent copy driven by the untruncated value runs past its end.
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. When a primitive is cast to a smaller primitive, the high-order bits of the larger value are lost, potentially resulting in an unexpected value that is not equal to the original. This value may be required as an index into a buffer, an allocation size, a loop bound, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While a narrowing cast can legitimately be used to isolate the low bits of a value, that usage is rare, and truncation usually indicates an implementation error.
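The following is an added example, not code from this page or from Fortinet's SSL-VPN daemon, and it does not reproduce the actual FortiOS bug. It shows the generic pattern by which a numeric truncation (CWE-197) becomes a heap-based buffer overflow (CWE-122): a 32-bit length from the wire is narrowed to a uint16_t for the allocation while the copy uses the full value. The wire format (a hypothetical 4-byte big-endian length followed by the payload), the MAX_PAYLOAD limit, and the sample messages are all assumptions constructed for the example. The vulnerable parser reports how many bytes would be written past the buffer instead of performing the out-of-bounds write, and is shown beside a hardened parser that bounds the length before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical protocol limit for this example (assumption, not a FortiOS value). */
#define MAX_PAYLOAD 4096u

/* Assumed wire format: 4-byte big-endian payload length, then the payload. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern (CWE-197 leading to CWE-122): the allocation size passes
 * through a uint16_t, so a declared length of 0x00010004 allocates 4 bytes,
 * while the subsequent copy would use the full 32-bit length. Rather than
 * perform the out-of-bounds memcpy, this returns how many bytes would be
 * written past the end of the heap buffer (0 means the copy fits). */
size_t vulnerable_overflow_bytes(const unsigned char *msg, size_t msg_len)
{
    if (msg_len < 4)
        return 0;
    uint32_t declared  = read_be32(msg);
    uint16_t alloc_len = (uint16_t)declared;   /* high 16 bits silently dropped */
    size_t   copy_len  = declared;             /* length the copy would use */
    /* The real bug would continue: buf = malloc(alloc_len); memcpy(buf, msg + 4, copy_len); */
    return copy_len > alloc_len ? copy_len - alloc_len : 0;
}

/* Hardened version: one integer width for the length everywhere, an explicit
 * upper bound checked before allocation, and a copy bounded by the bytes that
 * were actually received. Returns a malloc'd copy of the payload and sets
 * *out_len, or NULL for a malformed message (caller frees). */
unsigned char *safe_parse(const unsigned char *msg, size_t msg_len, size_t *out_len)
{
    if (msg_len < 4)
        return NULL;
    uint32_t declared = read_be32(msg);
    if (declared > MAX_PAYLOAD)                /* reject before touching the heap */
        return NULL;
    if ((size_t)declared > msg_len - 4)        /* declared more than was received */
        return NULL;
    unsigned char *buf = malloc(declared ? declared : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, msg + 4, declared);
    *out_len = declared;
    return buf;
}

/* Constructed sample messages (not captured traffic). */
static const unsigned char TRUNCATING_HDR[4] = { 0x00, 0x01, 0x00, 0x04 }; /* length 65540 */
static const unsigned char VALID_MSG[8]      = { 0x00, 0x00, 0x00, 0x04, 'A', 'B', 'C', 'D' };
static const unsigned char SHORT_MSG[6]      = { 0x00, 0x00, 0x00, 0x04, 'A', 'B' };

size_t demo_truncation_overflow(void)
{
    return vulnerable_overflow_bytes(TRUNCATING_HDR, sizeof TRUNCATING_HDR); /* 65536 */
}

int demo_safe_rejects_truncating_length(void)
{
    size_t n = 0;
    return safe_parse(TRUNCATING_HDR, sizeof TRUNCATING_HDR, &n) == NULL;
}

int demo_safe_rejects_short_body(void)
{
    size_t n = 0;
    return safe_parse(SHORT_MSG, sizeof SHORT_MSG, &n) == NULL;
}

int demo_safe_accepts_valid(void)
{
    size_t n = 0;
    unsigned char *buf = safe_parse(VALID_MSG, sizeof VALID_MSG, &n);
    int ok = buf != NULL && n == 4 && memcmp(buf, "ABCD", 4) == 0;
    free(buf);
    return ok;
}

int main(void)
{
    printf("bytes written past heap buffer by vulnerable parser: %zu\n", demo_truncation_overflow());
    printf("safe parser rejects truncating length: %d\n", demo_safe_rejects_truncating_length());
    printf("safe parser rejects short body: %d\n", demo_safe_rejects_short_body());
    printf("safe parser accepts valid message: %d\n", demo_safe_accepts_valid());
    return 0;
}
```

The point of the hardened parser is that the bound is enforced on the same variable, at the same width, that later drives both the allocation and the copy; a check applied to the truncated copy of the length would pass while the wide value still overflows the buffer.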
Products Associated with CVE-2022-42475
Affected Versions
Fortinet FortiProxy:
- 7.2.0 through 7.2.1
- 7.0.0 through 7.0.7
- 2.0.0 through 2.0.11
- 1.2.0 through 1.2.13
- 1.1.0 through 1.1.6
- 1.0.0 through 1.0.7
Fortinet FortiOS:
- 7.2.0 through 7.2.2
- 7.0.0 through 7.0.8
- 6.4.0 through 6.4.10
- 6.2.0 through 6.2.11
- 6.0.0 through 6.0.15
- 5.6.0 through 5.6.14
- 5.4.0 through 5.4.13
- 5.2.0 through 5.2.15
- 5.0.0 through 5.0.14
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how that score compares with all other scored vulnerabilities. For a CVE already on the KEV list and known to be exploited, EPSS adds little to prioritization: the decision to patch has already been made.