13 Dec 2022
Vulnerability Alert - FortiOS
TYPE
Vulnerabilities
SYSTEMS AFFECTED
FortiOS versions 6.2.0, 6.4.0, 7.0.0 and 7.2.0; FortiOS-6K7K versions 6.0.0, 6.2.0, 6.4.0 and 7.0.0
ECOSYSTEM
Other
Description
A security advisory was published about a critical Heap-based Buffer Overflow vulnerability (CVE-2022-42475) in FortiOS SSL-VPN.
Please note that this vulnerability is being exploited in the wild. See also [1], which recommends validating your systems against the indicators of compromise stated in the advisory.
Impact
A remote unauthenticated attacker could execute arbitrary code.
Resolution
It is recommended to upgrade to the most recent versions:
- FortiOS version 7.2.3 or above;
- FortiOS version 7.0.9 or above;
- FortiOS version 6.4.11 or above;
- FortiOS version 6.2.12 or above;
- FortiOS-6K7K version 7.0.8 or above;
- FortiOS-6K7K version 6.4.10 or above;
- FortiOS-6K7K version 6.2.12 or above;
- FortiOS-6K7K version 6.0.15 or above.
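
The following Python script is an added example, not part of the original alert or the vendor advisory. It triages a device inventory against the minimum versions in the list above; the hostnames and version strings are constructed, and matching each device to the fixed version of its own major.minor branch is an assumption about how the list is applied.

```python
import re

# Minimum recommended versions per branch, copied from the Resolution list above.
FIXED = {
    "FortiOS": {(7, 2): (7, 2, 3), (7, 0): (7, 0, 9),
                (6, 4): (6, 4, 11), (6, 2): (6, 2, 12)},
    "FortiOS-6K7K": {(7, 0): (7, 0, 8), (6, 4): (6, 4, 10),
                     (6, 2): (6, 2, 12), (6, 0): (6, 0, 15)},
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if no version is found."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(product, version_text):
    """Classify one device against the alert's recommended versions."""
    version = parse_version(version_text)
    if version is None or product not in FIXED:
        return "unparsed"
    fixed = FIXED[product].get(version[:2])
    if fixed is None:
        # Branch is not named in this alert; check the vendor advisory instead.
        return "branch-not-in-alert"
    # Integer tuples compare numerically, so 6.4.9 < 6.4.11 (a string compare would not).
    return "ok" if version >= fixed else "upgrade-to-%d.%d.%d" % fixed


# Constructed inventory: hostnames, versions and the build suffix are invented.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.2.2,build0000"),
    ("fw-edge-02", "FortiOS", "6.4.9"),
    ("fw-core-01", "FortiOS-6K7K", "7.0.8"),
    ("fw-lab-01", "FortiOS", "6.0.15"),
]


def report(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(product, ver) for host, product, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

A device that reports "ok" here has only met the version recommendation; the indicator-of-compromise check referenced in [1] still applies to it.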
References