CVE-2022-42475

Published: 02/01/2023 Updated: 09/01/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8, 6.4.0 up to and including 6.4.10, 6.2.0 up to and including 6.2.11, 6.0.15 and previous versions and FortiProxy SSL-VPN 7.2.0 up to and including 7.2.1, 7.0.7 and previous versions may allow a remote unauthenticated malicious user to execute arbitrary code or commands via specifically crafted requests.

Vulnerable Product Search on Vulmon

fortinet fortios

fortinet fortiproxy

fortinet fortiproxy 7.2.0

Vendor Advisories

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Exploitation status: Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating ...

Github Repositories

FortiOS SSL-VPN buffer overflow vulnerability: cve-2022-42475 (nvd.nist.gov/vuln/detail/CVE-2022-42475). POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon. Notes: This is a quick and dirty POC that will probably not work anywhere unless you are extremely lucky. It is version dependent and contains some hardcoded offsets which will most likely change from

CVE-2022-42475-RCE-POC: CVE-2022-42475 Fortinet RCE vulnerability POC

CVE-2022-42475-RCE: Unauthenticated RCE in Fortinet ssl-vpn service (fortiOS and FortiProxy). Full chained RCE exploit for Fortinet, supports list of ips and threading and included list of ips. shodan Dork httphtml_hash:-1454941180 download. Affected Products: FortiOS version 7.2.0 through 7.2.2, FortiOS version 7.0.0 through 7.0.8, FortiOS ver

CVE-2022-42475: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. authen

cve-2022-42475: POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon. Notes: This is a quick and dirty POC that will probably not work anywhere unless you are extremely lucky. It is version dependent and contains some hardcoded offsets which will most likely change from one system to another.

ioc-cve-2022-42475: a simple util that uses ssh to check for the IOCs noted in FortiGuard. It uses ssh and runs the commands described on the Fortinet forum. Build: git clone the project (this is developed on 1661); build using cargo: cargo build --release. Run: after building, it runs like any other command-line utility: /ioc-cve-2022-4247

cve-2022-42475: POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon. Usage: pip install pwntools. To use this code, you can save it in a file, say exploit.py, and then run it with Python in the command line, passing in the required arguments. Here's an example command to run the exploit: python exploit.py <target_host> <target_port>

CVE-2023-25610: A critical buffer underwrite ('buffer underflow') vulnerability in FortiOS & FortiProxy interfaces may allow a remote unauthenticated attacker to execute arbitrary code on the device and take control of the impacted product. PSIRT CRITICAL ADVISORY: FortiOS / FortiProxy Remote Code Execution, CVE-2023-25610. If you are receiving this notice, it i

Recent Articles

India floats plan to make big tech pay for news, walks back government censorship
The Register

PLUS: Taiwan’s new supercomputer; China-linked cybercrims strike; Australian content clampdown; and more

Asia In Brief India's IT minister has signaled he is willing to revisit a proposal to use government fact checkers to decide what is fake news that should be removed from social media.
In remarks made to Indian outlet The Economic Times, minister of state for electronics and IT Rajeev Chandrasekhar said the government's plan was to "crack down on enemies of India, state actors, those with vested interests, child sexual abuse, and religious incitement" – but not on general news or comment...

Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
The Register

Plus there's a PoC for this unpatched Cisco bug

Patch Tuesday For its final Patch Tuesday of the year, Microsoft fixed one bug that's already been exploited in the wild – and another that's publicly known.
That brings its total for December to 49 patched vulnerabilities, six of which are rated critical.
The bug that's listed as exploited-in-the-wild is tracked as CVE-2022-44698. It's a Windows SmartScreen security feature bypass vulnerability, and it received a 5.4 CVSS rating.
"An attacker can craft a malicious file that ...