Severity
High
Analysis Summary
CVE-2022-42475
Fortinet FortiOS is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the SSL-VPN. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Impact
Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2022-42475
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiOS 6.2.0
- Fortinet FortiOS 6.4.0
- Fortinet FortiOS 7.0.0
- Fortinet FortiOS 7.0.2
- Fortinet FortiOS 7.0.1
- Fortinet FortiOS 7.0.3
- Fortinet FortiOS 6.4.8
- Fortinet FortiOS 6.2.10
- Fortinet FortiOS 7.0.5
- Fortinet FortiOS 7.2.0
- Fortinet FortiOS 6.4.9
- Fortinet FortiOS 7.0.4
- Fortinet FortiOS 7.0.6
- Fortinet FortiOS 7.2.1
- Fortinet FortiOS 7.0.7
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.