CVSS 3.1 Score 9.8 of 10 (high)


Published Jan 2, 2023
Updated: Nov 7, 2023
CWE ID 787
CWE ID 197


CVE-2022-42475 is a heap-based buffer overflow vulnerability in FortiOS SSL-VPN versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, and 6.0.15 and earlier, as well as FortiProxy SSL-VPN versions 7.2.0 through 7.2.1 and 7.0.7 and earlier, that could allow a remote unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests via the network interface (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). To remediate this vulnerability, users should upgrade to the latest version of FortiOS SSL-VPN or FortiProxy SSL-VPN provided by the vendor (Fortinet) (source: [email protected]). This vulnerability poses a high danger to organizations as it could enable attackers to gain unauthorized access to sensitive systems and execute malicious code or commands remotely without authentication, potentially leading to data breaches or system compromise.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2022-42475 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options