PT-2022-5820 · Fortinet · FortiProxy SSL-VPN +1

Published: 2022-12-12 · Updated: 2026-04-21 · CVE-2022-42475

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.0.15 and earlier
FortiOS versions 6.2.0 through 6.2.11
FortiOS versions 6.4.0 through 6.4.10
FortiOS versions 7.0.0 through 7.0.8
FortiOS versions 7.2.0 through 7.2.2
FortiProxy SSL-VPN versions 7.0.7 and earlier
FortiProxy SSL-VPN versions 7.2.0 through 7.2.1
Description

A heap-based buffer overflow vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. The vulnerability has been exploited by Chinese state-sponsored hackers to infect over 20,000 devices, including those in the Dutch Ministry of Defense. The attackers used it to deploy malware, including the COATHANGER RAT, and to gain unauthorized access to networks. The number of potentially affected devices worldwide is estimated to be significant, and the vulnerability has been exploited in a range of incidents.
Recommendations

For all affected versions listed above (FortiOS 6.0.15 and earlier, 6.2.0 through 6.2.11, 6.4.0 through 6.4.10, 7.0.0 through 7.0.8, 7.2.0 through 7.2.2; FortiProxy SSL-VPN 7.0.7 and earlier, 7.2.0 through 7.2.1): update to a patched version or disable SSL-VPN as a temporary workaround.
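As an added example (not part of this advisory and not Fortinet tooling), a small Python check that maps a reported FortiOS or FortiProxy SSL-VPN build version onto the affected ranges listed above, so an inventory can be triaged before patching; the product keys and the literal reading of "and earlier" as any lower version are assumptions.

```python
"""Triage helper for CVE-2022-42475: is a given build in an affected range?
Constructed example; the ranges are copied from the advisory text above."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
# (low, high) inclusive; low=None means "and earlier", i.e. any lower version.
Range = Tuple[Optional[Version], Version]

AFFECTED: Dict[str, List[Range]] = {
    "FortiOS": [
        (None, (6, 0, 15)),           # 6.0.15 and earlier
        ((6, 2, 0), (6, 2, 11)),
        ((6, 4, 0), (6, 4, 10)),
        ((7, 0, 0), (7, 0, 8)),
        ((7, 2, 0), (7, 2, 2)),
    ],
    "FortiProxy SSL-VPN": [
        (None, (7, 0, 7)),            # 7.0.7 and earlier
        ((7, 2, 0), (7, 2, 1)),
    ],
}


def parse_version(text: str) -> Version:
    """Parse 'v7.0.8' or '7.0.8' into a comparable tuple; reject anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if the build falls inside any listed range for that product."""
    v = parse_version(version)
    return any((low is None or low <= v) and v <= high
               for low, high in AFFECTED[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (host, action) pairs for a constructed (host, product, version) list."""
    result = []
    for host, product, version in inventory:
        action = ("update to a patched version or disable SSL-VPN"
                  if is_affected(product, version) else "not in an affected range")
        result.append((host, action))
    return result


if __name__ == "__main__":
    sample = [("fw-edge-01", "FortiOS", "7.0.8"),          # constructed hosts
              ("fw-edge-02", "FortiOS", "7.2.3"),
              ("proxy-01", "FortiProxy SSL-VPN", "7.2.1")]
    for host, action in triage(sample):
        print(f"{host}: {action}")
```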

Exploit

Fix

Weakness Enumeration

Memory Corruption
Heap Based Buffer Overflow

Related Identifiers

BDU:2022-07226
CVE-2022-42475

Affected Products

FortiOS
FortiProxy SSL-VPN