Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Fix CVE-2022-42475- A Critical Buffer Overflow Vulnerability in FortiOS SSL-VPN
December 13, 2022
|
5m

How to Fix CVE-2022-42475- A Critical Buffer Overflow Vulnerability in FortiOS SSL-VPN


How To Fix Cve 2022 42475 A Critical Buffer Overflow Vulnerability In Fortios Ssl Vpn

Fortinet issued a warning bell about the exploitation of a critical buffer overflow vulnerability in FortiOS SSL-VPN. The flaw has been tracked with an identifier CVE-2022-42475 and has got a score of 9.3 out of 10 on the CVSS scale. as per the advisory, the vulnerability allows an unauthenticated, remote attacker to execute arbitrary code or commands on devices running vulnerable versions of ForitOS via specifically crafted requests.  Since Fortinet found instances of exploitation of this flaw in the wild, it is highly important to know how to fix CVE-2022-42475, a critical buffer overflow vulnerability in FortiOS SSL-VPN.

A Short Note About FortiOS:

FortiOS is a network security operating system developed by Fortinet, Inc. It provides a comprehensive set of networking and security features for organizations across all industries. With its unified architecture approach, FortiOS can be deployed on a wide range of Fortinet products including the FortiGate next-generation firewalls, the FortiWiFi wireless access points, and the FortiCloud cloud security solution. It can also be deployed on virtual machines and various other platforms such as Amazon Web Services (AWS) or Microsoft Azure.

The FortiOS operating system is designed to provide organizations with the flexibility and scalability they need to protect their networks in any environment. Fortinet also offers additional products such as the FortiManager appliance, which provides centralized management capabilities for large-scale deployments. These products work together with FortiOS to provide comprehensive network security solutions for organizations of all sizes.

Among its capabilities are firewall protection, intrusion prevention, application control, content filtering, secure web gateway, and more. It also offers advanced features such as deep packet inspection (DPI), threat intelligence, and zero-trust security. With its multi-layered defense architecture and robust feature set, FortiOS is a powerful solution for any organization seeking to protect its network infrastructure.

Summary of  CVE-2022-42475:

This is a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. It allows an unauthenticated, remote attack to execute arbitrary code or commands on devices running vulnerable versions of ForitOS. This vulnerability is rated Critical and assigned a CVSS score of 9.3 out of 10. Attackers could exploit this vulnerability just by sending a specially crafted HTTP(S) request. According to the vendor, more details about the flaw is undisclosed due to security reasons.

The CVE entry for CVE-2022-42475 is still "RESERVED". Despite some of the fixed FortiOS versions being available a month ago, there was no mention of there being a vulnerability fixed until today it seems. 🤔

CVE-ID
CVE-2022-42475
Learn more at National Vulnerability Database (NVD)
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Joe Roosen
Joe Roosen
@JRoosen

fortiguard.com/psirt/FG-IR-22… active exploitation by a Ransomware group. Patch now and poor one out for Fortinet who seems to be having a very rough time lately.

66
Reply

FortiOS Versions Affected by CVE-2022-42475

There are multiple versions of ForitOS affected by this heap-based buffer overflow vulnerability in FortiOS SSL-VPN.

  • FortiOS version 7.2.0 through 7.2.2

  • FortiOS version 7.0.0 through 7.0.8

  • FortiOS version 6.4.0 through 6.4.10

  • FortiOS version 6.2.0 through 6.2.11

  • FortiOS-6K7K version 7.0.0 through 7.0.7

  • FortiOS-6K7K version 6.4.0 through 6.4.9

  • FortiOS-6K7K version 6.2.0 through 6.2.11

  • FortiOS-6K7K version 6.0.0 through 6.0.14

How to Fix CVE-2022-42475- A Critical Buffer Overflow Vulnerability in FortiOS SSL-VPN?

Fortinet acknowledged the vulnerability by releasing the emergency patch on Dec 12th. All the users of the vulnerable version of FrotiOS are advised to upgrade their appliances running FortiOS versions 7.2.3, 7.0.9, 6.4.11, and 6.2.12 and FortiOS-6K7K versions 7.0.8, 6.4.10, 6.2.12, and 6.0.15.

Vulnerable VersionPatched Version
FortiOS version 7.2.0 through 7.2.27.2.3 or above
FortiOS version 7.0.0 through 7.0.87.0.9 or above
FortiOS version 6.4.0 through 6.4.106.4.11 or above
FortiOS version 6.2.0 through 6.2.116.2.12 or above
FortiOS-6K7K version 7.0.0 through 7.0.77.0.8 or above
FortiOS-6K7K version 6.4.0 through 6.4.96.4.10 or above
FortiOS-6K7K version 6.2.0 through 6.2.116.2.12 or above
FortiOS-6K7K version 6.0.0 through 6.0.146.0.15 or above

We recommend that users who can’t go for an upgrade immediately make the web console inaccessible from the public network and cover the admin console behind a VPN Firewall to access it from a remote place. In addition to this, Fortinet recommends users immediately validate their systems against the following indicators of compromise:

IOCs:

Multiple log entries with:

Logdesc=”Application crashed” and msg=”[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]“

Presence of the following artifacts in the filesystem:

  • /data/lib/libips.bak

  • /data/lib/libgif.so

  • /data/lib/libiptcp.so

  • /data/lib/libipudp.so

  • /data/lib/libjepg.so

  • /var/.sslvpnconfigbk

  • /data/etc/wxd.conf

  • /flash

Connections to suspicious IP addresses from the FortiGate:

  • 188.34.130.40:444

  • 103.131.189.143:30080,30081,30443,20443

  • 192.36.119.61:8443,444

  • 172.247.168.153:8033

How to Upgrade FortiOS?

If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image. For the recommended upgrade path, see Upgrade Path Tool.

  1. Log in to the console as an administrator

    Log into the FortiGate GUI as the admin administrative user.

  2. Go to Fabric Management to see the Version info

    Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).

  3. Open the Upgrade pane

    Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.

  4. See the available upgrades

    Click All Upgrades. The available firmware versions are displayed.

  5. Select the target firmware, and see the upgrade options

    You can instruct FortiOS to follow the upgrade path (referred to as a federated upgrade) or upgrade directly to the selected firmware version.

  6. Initiate the upgrade process

    Select Follow upgrade path, and click Confirm and Backup Config. Then click Continue to initiate the upgrade. The FortiGate will take the backup of current configurations, transfer to the management computer, upload the firmware image file, upgrade the firmware, and at last, reboot itself. This completes the upgrade of the FrotiOS. 

We hope this post helps you know  how to fix CVE-2022-42475, a critical buffer overflow vulnerability in FortiOS SSL-VPN. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instagram, and subscribe to receive updates like this. 

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe