- FortiOS faces a heap-based buffer overflow vulnerability that may enable a remote, unauthorized attacker to execute arbitrary code or commands via carefully crafted requests.
- A workaround for the issue exists and Fortinet advises users to validate and update their systems as soon as possible to protect themselves against the vulnerability.
- Fortinet reports that it will continue to track the activity on this vulnerability and update its sites accordingly.
Fortinet's FortiOS has been found critically vulnerable due to a bug described as "a heap-based buffer overflow vulnerability in FortiOS SSL-VPN". The vulnerability is tracked as CVE-2022-42475 and has received a CVSS rating of 9.8 (critical) from the U.S. National Vulnerability Database.
Allowing RCE
The vulnerability allows attackers to crash vulnerable endpoints and gain remote code execution. The malware observed on compromised devices was a FortiOS-specific variant of a generic Linux implant. Fortinet's researchers state that the complexity of the exploit suggests an advanced actor, and according to the advisory this "advanced actor" focuses on government-related targets. Details about the malware are given in Fortinet's advisory.

Recommendations
Fortinet is aware of this vulnerability and advises users to validate their systems as soon as possible. Fortinet has published the steps you need to take to check whether your system has been compromised. The current workaround for those who can't upgrade their systems is to disable the SSL-VPN feature.
Fortinet recommends updating to the latest fixed release. The affected versions are listed below:
- FortiOS version 7.2.0 through 7.2.2
- FortiOS version 7.0.0 through 7.0.8
- FortiOS version 6.4.0 through 6.4.10
- FortiOS version 6.2.0 through 6.2.11
- FortiOS version 6.0.0 through 6.0.15
- FortiOS version 5.6.0 through 5.6.14
- FortiOS version 5.4.0 through 5.4.13
- FortiOS version 5.2.0 through 5.2.15
- FortiOS version 5.0.0 through 5.0.14
- FortiOS-6K7K version 7.0.0 through 7.0.7
- FortiOS-6K7K version 6.4.0 through 6.4.9
- FortiOS-6K7K version 6.2.0 through 6.2.11
- FortiOS-6K7K version 6.0.0 through 6.0.14
- FortiProxy version 7.2.0 through 7.2.1
- FortiProxy version 7.0.0 through 7.0.7
- FortiProxy version 2.0.0 through 2.0.11
- FortiProxy version 1.2.0 through 1.2.13
- FortiProxy version 1.1.0 through 1.1.6
- FortiProxy version 1.0.0 through 1.0.7