High Threat Security Alert (A22-12-06): Vulnerability in Fortinet FortiOS


 

Published on: 13 December 2022

Description:

Fortinet released security advisory to address a remote code execution vulnerability in Fortinet FortiOS. An attacker could exploit the vulnerability by sending specially crafted requests to an affected system.

Fortinet has published technical details on observed attacks exploiting the remote code execution vulnerability (CVE-2022-42475) and information on the identified indicators of compromise. System administrators are advised to observe the advisory and immediately take the recommended actions to mitigate the elevated risk of cyber attacks.

Fortinet has released additional information on the remote code execution vulnerability (CVE-2022-42475) which affects FortiOS with SSL-VPN enabled. System administrators are advised to observe the advisory and immediately take the recommended actions to mitigate the elevated risk of cyber attacks.

Reports indicate that a remote code execution vulnerability (CVE-2022-42475) is being exploited in the wild. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • FortiOS with SSL-VPN enabled

Please note that only several versions of Fortinet FortiOS and FortiProxy with SSL-VPN enabled are affected. For detailed information of the affected products, please refer to the section "Affected Products" of corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerability could lead to remote code execution on an affected system.

 

Recommendation:

Software updates for affected systems are now available.  Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. In case the security updates could not be applied immediately, system administrators should accord priority to disable SSL-VPN as recommended by the product vendor. As implementing the workaround may result in reduced functionality, system administrators should properly assess the impact before adopting the workaround.

 

More Information:

  • https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-heap-based/ta-p/239420
  • https://www.fortiguard.com/psirt/FG-IR-22-398
  • https://www.hkcert.org/security-bulletin/fortinet-fortios-remote-code-execution-vulnerability_20221213
  • https://www.cisa.gov/uscert/ncas/current-activity/2022/12/12/fortinet-releases-security-updates-fortios
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42475
  • https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd


Tag: Fortinet , FortiOS
Tags