- Fortinet warned users about a heap-based buffer overflow vulnerability in FortiOS SSL-VPN.
- The company stated that the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code or commands.
- Fortinet is aware of an instance where this vulnerability was exploited in the wild and recommends validating systems immediately.
Fortinet urged users to patch their appliances as soon as possible. The company announced that a heap-based buffer overflow in the FortiOS SSL-VPN daemon (sslvpnd), tracked as CVE-2022-42475, is under active exploitation. The bug is reachable before authentication, so an attacker who can reach the SSL-VPN interface can crash the daemon remotely or, with a working exploit, execute arbitrary code on the device.
FortiOS heap-based buffer overflow vulnerability
Fortinet stated that the heap-based buffer overflow in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. The vulnerability has a CVSSv3 score of 9.3. The company also stated that it is aware of at least one instance of exploitation in the wild and recommends that administrators check their systems for the following indicator:
Multiple log entries with:
Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]"
Signal 11 is SIGSEGV, so each of these entries records the SSL-VPN daemon dying on an invalid memory access, which is what a failed or unstable exploit attempt against a heap overflow looks like. The absence of such crashes does not prove a device was not attacked: a successful exploit need not crash the daemon.
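The indicator above is easy to miss in a busy event log. The following script is an added example, not code from Fortinet or from the original article: it parses FortiOS-style key=value log lines, flags "Application crashed" events whose message names sslvpnd with Signal 11, and counts crashes per device so that appliances with repeated crashes surface first. The sample log lines are constructed for the example and are not real captures; the `devname` field and the exact layout of the `msg` text are assumptions about the log format.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# FortiOS log lines are space-separated key=value pairs; values that contain
# spaces or commas are double-quoted. One regex match per pair.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# The advisory's indicator: logdesc "Application crashed" with a message naming
# sslvpnd and Signal 11 (SIGSEGV). The advisory writes "application:sslvpnd";
# allow optional whitespace after the colon in case the device inserts one.
_SSLVPND_RE = re.compile(r'application:\s*sslvpnd\b', re.IGNORECASE)
_SIGNAL11_RE = re.compile(r'Signal\s+11\s+received', re.IGNORECASE)


def parse_fortios_log(line: str) -> Dict[str, str]:
    """Parse one FortiOS log line into a dict keyed by lower-cased field name,
    so that both 'Logdesc' (as written in the advisory) and 'logdesc' match."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
        fields[key.lower()] = raw[1:-1] if quoted else raw
    return fields


def is_sslvpnd_crash(fields: Dict[str, str]) -> bool:
    """True if a parsed record matches the sslvpnd SIGSEGV crash indicator."""
    if fields.get("logdesc", "").lower() != "application crashed":
        return False
    msg = fields.get("msg", "")
    return bool(_SSLVPND_RE.search(msg) and _SIGNAL11_RE.search(msg))


@dataclass
class CrashEvent:
    devname: str
    date: str
    time: str
    msg: str


def find_sslvpnd_crashes(lines: Iterable[str]) -> List[CrashEvent]:
    """Return every sslvpnd crash event found in the given log lines."""
    hits: List[CrashEvent] = []
    for line in lines:
        f = parse_fortios_log(line)
        if is_sslvpnd_crash(f):
            hits.append(CrashEvent(f.get("devname", "?"), f.get("date", ""),
                                   f.get("time", ""), f.get("msg", "")))
    return hits


def devices_to_investigate(lines: Iterable[str], min_crashes: int = 2) -> Dict[str, int]:
    """Per-device crash counts at or above the threshold. The advisory speaks of
    *multiple* entries; pass min_crashes=1 to report single crashes as well."""
    counts: Dict[str, int] = {}
    for ev in find_sslvpnd_crashes(lines):
        counts[ev.devname] = counts.get(ev.devname, 0) + 1
    return {dev: n for dev, n in counts.items() if n >= min_crashes}


# Constructed sample lines in FortiOS event-log style (not real captures).
SAMPLE_LOGS = [
    'date=2022-12-10 time=03:14:22 devname="FGT-EDGE-1" logid="0100032553" type="event" '
    'subtype="system" level="critical" logdesc="Application crashed" '
    'msg="Pid: 4321, application: sslvpnd, Firmware: FortiGate-100F v7.0.7,build0367 (GA), '
    'Signal 11 received, Backtrace: [0x0000000000c0ffee] [0x00007f3c1a2b3c4d]"',
    'date=2022-12-10 time=03:14:59 devname="FGT-EDGE-1" logid="0100032553" type="event" '
    'subtype="system" level="critical" logdesc="Application crashed" '
    'msg="Pid: 4330, application:sslvpnd, Firmware: FortiGate-100F v7.0.7,build0367 (GA), '
    'Signal 11 received, Backtrace: [0x0000000000c0ffee]"',
    # A different daemon crashing with a different signal: must not match.
    'date=2022-12-10 time=04:00:01 devname="FGT-EDGE-2" logid="0100032553" type="event" '
    'subtype="system" level="critical" logdesc="Application crashed" '
    'msg="Pid: 99, application: ipsengine, Signal 6 received, Backtrace: [0x1]"',
    # An ordinary SSL-VPN login event: must not match.
    'date=2022-12-10 time=04:05:10 devname="FGT-EDGE-2" logid="0101039424" type="event" '
    'subtype="vpn" level="information" logdesc="SSL VPN login" msg="SSL tunnel established" user="alice"',
]

if __name__ == "__main__":
    for ev in find_sslvpnd_crashes(SAMPLE_LOGS):
        print(f"{ev.devname} {ev.date} {ev.time}: {ev.msg[:70]}...")
    print("investigate:", devices_to_investigate(SAMPLE_LOGS))
```

Run it against the crash/system event log exported from the appliance or from FortiAnalyzer; keep the threshold low, since a handful of sslvpnd segfaults on an Internet-facing device is already worth a look.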
Affected products are:
- FortiOS version 7.2.0 through 7.2.2
- FortiOS version 7.0.0 through 7.0.8
- FortiOS version 6.4.0 through 6.4.10
- FortiOS version 6.2.0 through 6.2.11
- FortiOS version 6.0.0 through 6.0.15
- FortiOS version 5.6.0 through 5.6.14
- FortiOS version 5.4.0 through 5.4.13
- FortiOS version 5.2.0 through 5.2.15
- FortiOS version 5.0.0 through 5.0.14
- FortiOS-6K7K version 7.0.0 through 7.0.7
- FortiOS-6K7K version 6.4.0 through 6.4.9
- FortiOS-6K7K version 6.2.0 through 6.2.11
- FortiOS-6K7K version 6.0.0 through 6.0.14
Patched versions:
- FortiOS version 7.2.3 or above
- FortiOS version 7.0.9 or above
- FortiOS version 6.4.11 or above
- FortiOS version 6.2.12 or above
- FortiOS-6K7K version 7.0.8 or above
- FortiOS-6K7K version 6.4.10 or above
- FortiOS-6K7K version 6.2.12 or above
- FortiOS-6K7K version 6.0.15 or above
Fortinet also provided a workaround for the vulnerability: disable SSL-VPN until the appliance has been upgraded. The vulnerability was publicly reported by the French cybersecurity firm Olympe Cyberdefense. Fortinet had already shipped fixes before the 28th of November, but at that time the company had not published any information about the vulnerability or its exploitation.