FortiOS - heap-based buffer overflow in sslvpnd
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-398
Final
1
1
2022-12-12T00:00:00
Current version
2022-12-12T00:00:00
2022-12-12T00:00:00
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Exploitation status: Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise: Multiple log entries with: Logdesc=Application crashed and msg=[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...] Presence of the following artifacts in the filesystem: /data/lib/libips.bak /data/lib/libgif.so /data/lib/libiptcp.so /data/lib/libipudp.so /data/lib/libjepg.so /var/.sslvpnconfigbk /data/etc/wxd.conf /flash Connections to suspicious IP addresses from the FortiGate: 188.34.130.40:444 103.131.189.143:30080,30081,30443,20443 193.36.119.61:8443,444 172.247.168.153:8033 139.180.184.197 66.42.91.32 158.247.221.101 107.148.27.117 139.180.128.142 155.138.224.122 185.174.136.20 For more information on how to check for the presence of the indicators of compromise above, please visit this Knowledge Base entry, and contact customer support for assistance. Workaround: Disable SSL-VPN. Changelog: 2022-12-12: Added FOS6k/k 2022-12-22: Added FortiProxy 2022-12-27: Corrected typo in IOCs: 192.36.119.61 => 193.36.119.61
None
Execute unauthorized code or commands
FortiOS version 7.2.0 through 7.2.2 FortiOS version 7.0.0 through 7.0.8 FortiOS version 6.4.0 through 6.4.10 FortiOS version 6.2.0 through 6.2.11 FortiOS version 6.0.0 through 6.0.15 FortiOS version 5.6.0 through 5.6.14 FortiOS version 5.4.0 through 5.4.13 FortiOS version 5.2.0 through 5.2.15 FortiOS version 5.0.0 through 5.0.14 FortiOS-6K7K version 7.0.0 through 7.0.7 FortiOS-6K7K version 6.4.0 through 6.4.9 FortiOS-6K7K version 6.2.0 through 6.2.11 FortiOS-6K7K version 6.0.0 through 6.0.14 FortiProxy version 7.2.0 through 7.2.1 FortiProxy version 7.0.0 through 7.0.7 FortiProxy version 2.0.0 through 2.0.11 FortiProxy version 1.2.0 through 1.2.13 FortiProxy version 1.1.0 through 1.1.6 FortiProxy version 1.0.0 through 1.0.7
Please upgrade to FortiOS version 7.2.3 or above Please upgrade to FortiOS version 7.0.9 or above Please upgrade to FortiOS version 6.4.11 or above Please upgrade to FortiOS version 6.2.12 or above Please upgrade to FortiOS version 6.0.16 or above Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above Please upgrade to FortiOS-6K7K version 6.4.10 or above Please upgrade to FortiOS-6K7K version 6.2.12 or above Please upgrade to FortiOS-6K7K version 6.0.15 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to upcoming FortiProxy version 2.0.12 or above
FortiOS 7.2.2
FortiOS 7.2.1
FortiOS 7.2.0
FortiOS 7.0.8
FortiOS 7.0.7
FortiOS 7.0.6
FortiOS 7.0.5
FortiOS 7.0.4
FortiOS 7.0.3
FortiOS 7.0.2
FortiOS 7.0.1
FortiOS 7.0.0
FortiOS 6.4.10
FortiOS 6.4.9
FortiOS 6.4.8
FortiOS 6.4.7
FortiOS 6.4.6
FortiOS 6.4.5
FortiOS 6.4.4
FortiOS 6.4.3
FortiOS 6.4.2
FortiOS 6.4.1
FortiOS 6.4.0
FortiOS 6.2.11
FortiOS 6.2.10
FortiOS 6.2.9
FortiOS 6.2.8
FortiOS 6.2.7
FortiOS 6.2.6
FortiOS 6.2.5
FortiOS 6.2.4
FortiOS 6.2.3
FortiOS 6.2.2
FortiOS 6.2.1
FortiOS 6.2.0
FortiOS 6.0.15
FortiOS 6.0.14
FortiOS 6.0.13
FortiOS 6.0.12
FortiOS 6.0.11
FortiOS 6.0.10
FortiOS 6.0.9
FortiOS 6.0.8
FortiOS 6.0.7
FortiOS 6.0.6
FortiOS 6.0.5
FortiOS 6.0.4
FortiOS 6.0.3
FortiOS 6.0.2
FortiOS 6.0.1
FortiOS 6.0.0
FortiOS 5.6.14
FortiOS 5.6.13
FortiOS 5.6.12
FortiOS 5.6.11
FortiOS 5.6.10
FortiOS 5.6.9
FortiOS 5.6.8
FortiOS 5.6.7
FortiOS 5.6.6
FortiOS 5.6.5
FortiOS 5.6.4
FortiOS 5.6.3
FortiOS 5.6.2
FortiOS 5.6.1
FortiOS 5.6.0
FortiOS 5.4.13
FortiOS 5.4.12
FortiOS 5.4.11
FortiOS 5.4.10
FortiOS 5.4.9
FortiOS 5.4.8
FortiOS 5.4.7
FortiOS 5.4.6
FortiOS 5.4.5
FortiOS 5.4.4
FortiOS 5.4.3
FortiOS 5.4.2
FortiOS 5.4.1
FortiOS 5.4.0
FortiOS 5.2.15
FortiOS 5.2.14
FortiOS 5.2.13
FortiOS 5.2.12
FortiOS 5.2.11
FortiOS 5.2.10
FortiOS 5.2.9
FortiOS 5.2.8
FortiOS 5.2.7
FortiOS 5.2.6
FortiOS 5.2.5
FortiOS 5.2.4
FortiOS 5.2.3
FortiOS 5.2.2
FortiOS 5.2.1
FortiOS 5.2.0
FortiOS 5.0.14
FortiOS 5.0.13
FortiOS 5.0.12
FortiOS 5.0.11
FortiOS 5.0.10
FortiOS 5.0.9
FortiOS 5.0.8
FortiOS 5.0.7
FortiOS 5.0.6
FortiOS 5.0.5
FortiOS 5.0.4
FortiOS 5.0.3
FortiOS 5.0.2
FortiOS 5.0.1
FortiOS 5.0.0
FortiProxy 7.2.1
FortiProxy 7.2.0
FortiProxy 7.0.7
FortiProxy 7.0.6
FortiProxy 7.0.5
FortiProxy 7.0.4
FortiProxy 7.0.3
FortiProxy 7.0.2
FortiProxy 7.0.1
FortiProxy 7.0.0
FortiProxy 2.0.11
FortiProxy 2.0.10
FortiProxy 2.0.9
FortiProxy 2.0.8
FortiProxy 2.0.7
FortiProxy 2.0.6
FortiProxy 2.0.5
FortiProxy 2.0.4
FortiProxy 2.0.3
FortiProxy 2.0.2
FortiProxy 2.0.1
FortiProxy 2.0.0
FortiProxy 1.2.13
FortiProxy 1.2.12
FortiProxy 1.2.11
FortiProxy 1.2.10
FortiProxy 1.2.9
FortiProxy 1.2.8
FortiProxy 1.2.7
FortiProxy 1.2.6
FortiProxy 1.2.5
FortiProxy 1.2.4
FortiProxy 1.2.3
FortiProxy 1.2.2
FortiProxy 1.2.1
FortiProxy 1.2.0
FortiProxy 1.1.6
FortiProxy 1.1.5
FortiProxy 1.1.4
FortiProxy 1.1.3
FortiProxy 1.1.2
FortiProxy 1.1.1
FortiProxy 1.1.0
FortiProxy 1.0.7
FortiProxy 1.0.6
FortiProxy 1.0.5
FortiProxy 1.0.4
FortiProxy 1.0.3
FortiProxy 1.0.2
FortiProxy 1.0.1
FortiProxy 1.0.0
FortiOS - heap-based buffer overflow in sslvpnd
CVE-2022-42475
FortiOS-7.2.2
FortiOS-7.2.1
FortiOS-7.2.0
FortiOS-7.0.8
FortiOS-7.0.7
FortiOS-7.0.6
FortiOS-7.0.5
FortiOS-7.0.4
FortiOS-7.0.3
FortiOS-7.0.2
FortiOS-7.0.1
FortiOS-7.0.0
FortiOS-6.4.10
FortiOS-6.4.9
FortiOS-6.4.8
FortiOS-6.4.7
FortiOS-6.4.6
FortiOS-6.4.5
FortiOS-6.4.4
FortiOS-6.4.3
FortiOS-6.4.2
FortiOS-6.4.1
FortiOS-6.4.0
FortiOS-6.2.11
FortiOS-6.2.10
FortiOS-6.2.9
FortiOS-6.2.8
FortiOS-6.2.7
FortiOS-6.2.6
FortiOS-6.2.5
FortiOS-6.2.4
FortiOS-6.2.3
FortiOS-6.2.2
FortiOS-6.2.1
FortiOS-6.2.0
FortiOS-6.0.15
FortiOS-6.0.14
FortiOS-6.0.13
FortiOS-6.0.12
FortiOS-6.0.11
FortiOS-6.0.10
FortiOS-6.0.9
FortiOS-6.0.8
FortiOS-6.0.7
FortiOS-6.0.6
FortiOS-6.0.5
FortiOS-6.0.4
FortiOS-6.0.3
FortiOS-6.0.2
FortiOS-6.0.1
FortiOS-6.0.0
FortiOS-5.6.14
FortiOS-5.6.13
FortiOS-5.6.12
FortiOS-5.6.11
FortiOS-5.6.10
FortiOS-5.6.9
FortiOS-5.6.8
FortiOS-5.6.7
FortiOS-5.6.6
FortiOS-5.6.5
FortiOS-5.6.4
FortiOS-5.6.3
FortiOS-5.6.2
FortiOS-5.6.1
FortiOS-5.6.0
FortiOS-5.4.13
FortiOS-5.4.12
FortiOS-5.4.11
FortiOS-5.4.10
FortiOS-5.4.9
FortiOS-5.4.8
FortiOS-5.4.7
FortiOS-5.4.6
FortiOS-5.4.5
FortiOS-5.4.4
FortiOS-5.4.3
FortiOS-5.4.2
FortiOS-5.4.1
FortiOS-5.4.0
FortiOS-5.2.15
FortiOS-5.2.14
FortiOS-5.2.13
FortiOS-5.2.12
FortiOS-5.2.11
FortiOS-5.2.10
FortiOS-5.2.9
FortiOS-5.2.8
FortiOS-5.2.7
FortiOS-5.2.6
FortiOS-5.2.5
FortiOS-5.2.4
FortiOS-5.2.3
FortiOS-5.2.2
FortiOS-5.2.1
FortiOS-5.2.0
FortiOS-5.0.14
FortiOS-5.0.13
FortiOS-5.0.12
FortiOS-5.0.11
FortiOS-5.0.10
FortiOS-5.0.9
FortiOS-5.0.8
FortiOS-5.0.7
FortiOS-5.0.6
FortiOS-5.0.5
FortiOS-5.0.4
FortiOS-5.0.3
FortiOS-5.0.2
FortiOS-5.0.1
FortiOS-5.0.0
FortiProxy-7.2.1
FortiProxy-7.2.0
FortiProxy-7.0.7
FortiProxy-7.0.6
FortiProxy-7.0.5
FortiProxy-7.0.4
FortiProxy-7.0.3
FortiProxy-7.0.2
FortiProxy-7.0.1
FortiProxy-7.0.0
FortiProxy-2.0.11
FortiProxy-2.0.10
FortiProxy-2.0.9
FortiProxy-2.0.8
FortiProxy-2.0.7
FortiProxy-2.0.6
FortiProxy-2.0.5
FortiProxy-2.0.4
FortiProxy-2.0.3
FortiProxy-2.0.2
FortiProxy-2.0.1
FortiProxy-2.0.0
FortiProxy-1.2.13
FortiProxy-1.2.12
FortiProxy-1.2.11
FortiProxy-1.2.10
FortiProxy-1.2.9
FortiProxy-1.2.8
FortiProxy-1.2.7
FortiProxy-1.2.6
FortiProxy-1.2.5
FortiProxy-1.2.4
FortiProxy-1.2.3
FortiProxy-1.2.2
FortiProxy-1.2.1
FortiProxy-1.2.0
FortiProxy-1.1.6
FortiProxy-1.1.5
FortiProxy-1.1.4
FortiProxy-1.1.3
FortiProxy-1.1.2
FortiProxy-1.1.1
FortiProxy-1.1.0
FortiProxy-1.0.7
FortiProxy-1.0.6
FortiProxy-1.0.5
FortiProxy-1.0.4
FortiProxy-1.0.3
FortiProxy-1.0.2
FortiProxy-1.0.1
FortiProxy-1.0.0
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-398
FortiOS - heap-based buffer overflow in sslvpnd
Reference>