CVE-2022-42475

Summary

CVE-2022-42475 is a heap-based buffer overflow vulnerability in FortiOS SSL-VPN versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, and 6.0.15 and earlier, as well as FortiProxy SSL-VPN versions 7.2.0 through 7.2.1 and 7.0.7 and earlier, that could allow a remote unauthenticated attacker to execute arbitrary code or commands by sending specially crafted requests via the network interface (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). To remediate this vulnerability, users should upgrade to the latest version of FortiOS SSL-VPN or FortiProxy SSL-VPN provided by the vendor (Fortinet) (source: [email protected]). This vulnerability poses a high danger to organizations as it could enable attackers to gain unauthorized access to sensitive systems and execute malicious code or commands remotely without authentication, potentially leading to data breaches or system compromise.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.