Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices.
Fortinet urges customers to update their installs to address an actively exploited FortiOS SSL-VPN vulnerability, tracked as CVE-2022-42475, that could be exploited by an unauthenticated, remote attacker to execute arbitrary code on devices.
The CVE-2022-42475 flaw is a heap-based buffer overflow issue that resides in FortiOS sslvpnd.
“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.” reads the advisory published by the security vendor. “Fortinet is aware of an instance where this vulnerability was exploited in the wild,”
Fortinet recommends its customers of checking the following indicators of compromise:
Multiple log entries with:
Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]“
Presence of the following artifacts in the filesystem:
Connections to suspicious IP addresses from the FortiGate:
The vulnerability was first disclosed by cybersecurity firm Olympe Cyberdefense
Below is the list of affected products:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Fortinet addressed the issue with the release of FortiOS 7.2.3.
(SecurityAffairs – hacking, CVE-2022-42475)
The post Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug appeared first on Security Affairs.