Fortinet issued a warning bell about the exploitation of a critical buffer overflow vulnerability in FortiOS SSL-VPN. The flaw has been tracked with an identifier CVE-2022-42475 and has got a score of 9.3 out of 10 on the CVSS scale. as per the advisory, the vulnerability allows an unauthenticated, remote attacker to execute arbitrary code or commands on devices running vulnerable versions of ForitOS via specifically crafted requests. Since Fortinet found instances of exploitation of this flaw in the wild, it is highly important to know how to fix CVE-2022-42475, a critical buffer overflow vulnerability in FortiOS SSL-VPN.
FortiOS is a network security operating system developed by Fortinet, Inc. It provides a comprehensive set of networking and security features for organizations across all industries. With its unified architecture approach, FortiOS can be deployed on a wide range of Fortinet products including the FortiGate next-generation firewalls, the FortiWiFi wireless access points, and the FortiCloud cloud security solution. It can also be deployed on virtual machines and various other platforms such as Amazon Web Services (AWS) or Microsoft Azure.
The FortiOS operating system is designed to provide organizations with the flexibility and scalability they need to protect their networks in any environment. Fortinet also offers additional products such as the FortiManager appliance, which provides centralized management capabilities for large-scale deployments. These products work together with FortiOS to provide comprehensive network security solutions for organizations of all sizes.
Among its capabilities are firewall protection, intrusion prevention, application control, content filtering, secure web gateway, and more. It also offers advanced features such as deep packet inspection (DPI), threat intelligence, and zero-trust security. With its multi-layered defense architecture and robust feature set, FortiOS is a powerful solution for any organization seeking to protect its network infrastructure.
This is a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. It allows an unauthenticated, remote attack to execute arbitrary code or commands on devices running vulnerable versions of ForitOS. This vulnerability is rated Critical and assigned a CVSS score of 9.3 out of 10. Attackers could exploit this vulnerability just by sending a specially crafted HTTP(S) request. According to the vendor, more details about the flaw is undisclosed due to security reasons.
There are multiple versions of ForitOS affected by this heap-based buffer overflow vulnerability in FortiOS SSL-VPN.
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Fortinet acknowledged the vulnerability by releasing the emergency patch on Dec 12th. All the users of the vulnerable version of FrotiOS are advised to upgrade their appliances running FortiOS versions 7.2.3, 7.0.9, 6.4.11, and 6.2.12 and FortiOS-6K7K versions 7.0.8, 6.4.10, 6.2.12, and 6.0.15.
Vulnerable Version | Patched Version |
FortiOS version 7.2.0 through 7.2.2 | 7.2.3 or above |
FortiOS version 7.0.0 through 7.0.8 | 7.0.9 or above |
FortiOS version 6.4.0 through 6.4.10 | 6.4.11 or above |
FortiOS version 6.2.0 through 6.2.11 | 6.2.12 or above |
FortiOS-6K7K version 7.0.0 through 7.0.7 | 7.0.8 or above |
FortiOS-6K7K version 6.4.0 through 6.4.9 | 6.4.10 or above |
FortiOS-6K7K version 6.2.0 through 6.2.11 | 6.2.12 or above |
FortiOS-6K7K version 6.0.0 through 6.0.14 | 6.0.15 or above |
We recommend that users who can’t go for an upgrade immediately make the web console inaccessible from the public network and cover the admin console behind a VPN Firewall to access it from a remote place. In addition to this, Fortinet recommends users immediately validate their systems against the following indicators of compromise:
Multiple log entries with:
Logdesc=”Application crashed” and msg=”[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]“
Presence of the following artifacts in the filesystem:
/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash
Connections to suspicious IP addresses from the FortiGate:
188.34.130.40:444
103.131.189.143:30080,30081,30443,20443
192.36.119.61:8443,444
172.247.168.153:8033
If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image. For the recommended upgrade path, see Upgrade Path Tool.
Log in to the console as an administrator
Log into the FortiGate GUI as the admin administrative user.
Go to Fabric Management to see the Version info
Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).
Open the Upgrade pane
Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.
See the available upgrades
Click All Upgrades. The available firmware versions are displayed.
Select the target firmware, and see the upgrade options
You can instruct FortiOS to follow the upgrade path (referred to as a federated upgrade) or upgrade directly to the selected firmware version.
Initiate the upgrade process
Select Follow upgrade path, and click Confirm and Backup Config. Then click Continue to initiate the upgrade. The FortiGate will take the backup of current configurations, transfer to the management computer, upload the firmware image file, upgrade the firmware, and at last, reboot itself. This completes the upgrade of the FrotiOS.
We hope this post helps you know how to fix CVE-2022-42475, a critical buffer overflow vulnerability in FortiOS SSL-VPN. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.