TRY NOW
Vulnerability

Fortinet Fixes Critical Zero-Day RCE Vulnerability

2 min. read
13/12/2022
By Laura Libeer
Fortinet-Vulnerability-Featured

⚡ TL;DR | Go Straight to the Fortinet Vulnerability Report

Fortinet has released a number of emergency patches in response to a critical heap-based buffer overflow bug in FortiOS SSL-VPN. They are already aware of this vulnerability being exploited in the wild. An unauthenticated attacker could exploit the bug to execute arbitrary code. This could in turn lead to system crashes or allow a malicious actor to install programs, compromise critical data, or create new accounts with full user rights.

CVE-2022-42475

Fortinet’s security advisory describes the vulnerability tracked as CVE-2022-42475 as “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN” which could allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. The vulnerability received a critical CVSS score of 9.3.

The advisory also mentions that Fortinet is aware of the vulnerability being exploited in the wild. They advise all users to validate their systems for a number of indicators of compromise:

  1. Multiple log entries with:
    Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]“
  2. Presence of the following artifacts in the filesystem:
    /data/lib/libips.bak
    /data/lib/libgif.so
    /data/lib/libiptcp.so
    /data/lib/libipudp.so
    /data/lib/libjepg.so
    /var/.sslvpnconfigbk
    /data/etc/wxd.conf
    /flash
  3. Connections to the following suspicious IP addresses from the FortiGate:
    188.34.130.40:444
    103.131.189.143:30080,30081,30443,20443
    192.36.119.61:8443,444
    172.247.168.153:8033

Protect Vulnerable Fortinet Devices

CVE-2022-42475 affects several versions of FortiOS and FortiOS-6K7K. In order to protect your devices from attackers, they should be updated to the patched versions as soon as possible. You can find a list of all affected versions and the patched versions below.

ProductAffected VersionsUpdate to
FortiOS7.2.0 through 7.2.27.2.3 or above
7.0.0 through 7.0.87.0.9 or above
6.4.0 through 6.4.106.4.11 or above
6.2.0 through 6.2.116.2.12 or above
FortiOS-6K7K7.0.0 through 7.0.77.0.8 or above
6.4.0 through 6.4.96.4.10 or above
6.2.0 through 6.2.116.2.12 or above
6.0.0 through 6.0.146.0.15 or above

Discover Vulnerable Fortinet Devices

Our team at Lansweeper has created a special report, to help you find any Fortinet devices in your network that may be vulnerable to the vulnerability described above. The report will give you an actionable list of devices that may still need to be updated.

Fortinet Vulnerability Audit December 2022
NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.