CVE-2022-42475
CRITICALCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Analysis
FortiOS SSL-VPN contains a heap-based buffer overflow allowing unauthenticated remote code execution, exploited as a zero-day from October 2022 by suspected Chinese state-sponsored actors targeting government networks.
Technical Context
The CWE-122 heap overflow in the SSL-VPN's request processing allows crafted requests to overflow a heap buffer, enabling arbitrary code execution with root privileges on the FortiGate appliance. The exploit targets the SSL-VPN web portal component accessible to any remote user.
Affected Products
['FortiOS SSL-VPN 7.2.0 through 7.2.2', 'FortiOS SSL-VPN 7.0.0 through 7.0.8', 'FortiOS SSL-VPN 6.4.0 through 6.4.10', 'FortiOS SSL-VPN 6.2.0 through 6.2.11', 'FortiProxy SSL-VPN 7.2.0 through 7.2.1']
Remediation
Upgrade FortiOS immediately. Check for indicators of UNC3886/BOLDMOVE compromise. Review firewall logs for anomalies. Verify firmware integrity. Rotate all credentials accessible from the FortiGate.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today