
Critical Fortinet vulnerability exploited in the wild

Target Industry

Indiscriminate and opportunistic targeting.

Overview

Severity level: Critical – the flaw can allow unauthenticated attackers to achieve remote code execution.

Common Vulnerability Scoring System (CVSS): 9.3.

Fortinet has released patches to counter a known zero-day critical vulnerability that affects FortiOS SSL-VPN products. If the vulnerability remains unpatched, the flaw can allow an attacker to execute arbitrary code or commands via specially crafted requests.

Fortinet reports at least one known instance of this vulnerability being exploited in the wild.

The vulnerability is described as a heap-based buffer overflow vulnerability that is being tracked as CVE-2022-42475.

Impact

Successful exploitation of CVE-2022-42475 will likely result in the threat actor executing code and commands remotely, which may include crashing critical systems.

Vulnerability Detection

The FortiOS product versions vulnerable to this CVE are listed below.

Affected Products

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

Containment, Mitigations & Remediations

To remove the threat posed against business systems, customers are advised to patch FortiOS products to at least the following level:

  • FortiOS version 7.2.3 or above
  • FortiOS version 7.0.9 or above
  • FortiOS version 6.4.11 or above
  • FortiOS version 6.2.12 or above
  • FortiOS-6K7K version 7.0.8 or above
  • FortiOS-6K7K version 6.4.10 or above
  • FortiOS-6K7K version 6.2.12 or above
  • FortiOS-6K7K version 6.0.15 or above
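To check an asset inventory against the affected and fixed releases listed in the two sections above, here is an added example (not Fortinet's or this bulletin's own code) that encodes the ranges from this page; the hostnames and builds in the sample inventory are constructed.

```python
# Added example, not the bulletin's own code. AFFECTED holds, per release branch,
# (inclusive low, inclusive high, first fixed release) as listed above for CVE-2022-42475.
AFFECTED = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 8), (7, 0, 9)),
        ((6, 4, 0), (6, 4, 10), (6, 4, 11)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    ],
    "FortiOS-6K7K": [
        ((7, 0, 0), (7, 0, 7), (7, 0, 8)),
        ((6, 4, 0), (6, 4, 9), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
        ((6, 0, 0), (6, 0, 14), (6, 0, 15)),
    ],
}

def parse_version(text):
    """Turn 'v7.0.5' or '7.0.5' into (7, 0, 5); reject anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product, version):
    """Classify one device as 'vulnerable' (with the minimum fix release),
    'patched' (same branch, at or above the fix), or 'unlisted' (product or
    branch not covered by this bulletin; deliberately not reported as safe)."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED.get(product, []):
        if low <= v <= high:
            return {"status": "vulnerable", "fix": ".".join(map(str, fixed))}
        if v[:2] == low[:2]:  # same major.minor branch, above the affected range
            return {"status": "patched", "fix": None}
    return {"status": "unlisted", "fix": None}

def triage(inventory):
    """Classify (hostname, product, version) records from an asset inventory."""
    return [(host, prod, ver, assess(prod, ver)["status"])
            for host, prod, ver in inventory]

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("fw-edge-01", "FortiOS", "7.0.5"),
              ("fw-dc-02", "FortiOS-6K7K", "6.4.10"),
              ("fw-lab-03", "FortiOS", "7.4.0")]
    for row in triage(sample):
        print(row)
```

Branches the bulletin does not list (for example FortiOS 7.4.x, or 6.0.x on non-6K7K models) come back as "unlisted" so they are reviewed against the vendor advisory rather than silently treated as safe.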

Indicators of Compromise

Associated CVE-2022-42475 IPs and ports:

  • 188.34.130.40:444
  • 103.131.189.143:30080,30081,30443,20443
  • 192.36.119.61:8443,444
  • 172.247.168.153:8033

Associated CVE-2022-42475 hashes:

  • 8c7c2d107634515b852f1b692eb3bf01
  • cc5871850d3237f1a846420ef7c0c3e6

Threat Landscape

Vulnerabilities such as this are constantly being discovered and exploited, and it is up to the cyber security industry to ensure that every effort is made to mitigate them. Given the scale of potential gaps in security infrastructure, it is almost certain that such threats will continue to develop year on year.

Threat Group

No threat actors or groups have been associated with this vulnerability.

MITRE ATT&CK Techniques

  • T1190 – Exploit Public-Facing Application
  • T1210 – Exploitation of Remote Services
  • T1489 – Service Stop
  • T1529 – System Shutdown/Reboot

Further Information

FortiGuard Labs – CVE-2022-42475