CVE-2022-42475

Summary

CVE-2022-42475 is a buffer overflow vulnerability [CWE-122] affecting FortiOS SSL-VPN versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, and 6.0.15, as well as FortiProxy SSL-VPN versions 7.2.0 through 7.2.1 and 7.0.7 and earlier. This issue allows unauthenticated remote attackers to execute arbitrary code or commands through specifically crafted requests, exploiting the heap-based buffer overflow. Successful exploitation could result in significant security implications. Users of these Fortinet products are advised to apply relevant patches to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.