Web Application SecurityFortiOS.SSL-VPN.Heap.Buffer.Overflow
Description
This indicates an attack attempt to exploit an heap-based buffer overflow vulnerability in FortiOS.
The vulnerability is due to an error in sslvpnd when handling requests which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Affected Products
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
FortiOS version 5.6.0 through 5.6.14
FortiOS version 5.4.0 through 5.4.13
FortiOS version 5.2.0 through 5.2.15
FortiOS version 5.0.0 through 5.0.14
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.fortiguard.com/psirt/FG-IR-22-398
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-01-03 | 0.00338 |
CVE References
CVE-2022-42475| ID | 1090501634 |
| Created | Jan 03, 2023 |
| Updated | Jan 06, 2023 |
| Risk |
|
| Default Action | pass |
| Active | |
| Affected OS | Other |
| Affected App | Other |
| Engine Version | 5.0.0 or later |