• Home
  • |
  • Blog
  • |
  • How to Fix CVE-2022-42475- A Critical Buffer Overflow Vulnerability in FortiOS SSL-VPN
How to Fix CVE-2022-42475- A Critical Buffer Overflow Vulnerability in FortiOS SSL-VPN

Fortinet issued a warning bell about the exploitation of a critical buffer overflow vulnerability in FortiOS SSL-VPN. The flaw has been tracked with an identifier CVE-2022-42475 and has got a score of 9.3 out of 10 on the CVSS scale. as per the advisory, the vulnerability allows an unauthenticated, remote attacker to execute arbitrary code or commands on devices running vulnerable versions of ForitOS via specifically crafted requests.  Since Fortinet found instances of exploitation of this flaw in the wild, it is highly important to know how to fix CVE-2022-42475, a critical buffer overflow vulnerability in FortiOS SSL-VPN.

A Short Note About FortiOS:

FortiOS is a network security operating system developed by Fortinet, Inc. It provides a comprehensive set of networking and security features for organizations across all industries. With its unified architecture approach, FortiOS can be deployed on a wide range of Fortinet products including the FortiGate next-generation firewalls, the FortiWiFi wireless access points, and the FortiCloud cloud security solution. It can also be deployed on virtual machines and various other platforms such as Amazon Web Services (AWS) or Microsoft Azure.

The FortiOS operating system is designed to provide organizations with the flexibility and scalability they need to protect their networks in any environment. Fortinet also offers additional products such as the FortiManager appliance, which provides centralized management capabilities for large-scale deployments. These products work together with FortiOS to provide comprehensive network security solutions for organizations of all sizes.

Among its capabilities are firewall protection, intrusion prevention, application control, content filtering, secure web gateway, and more. It also offers advanced features such as deep packet inspection (DPI), threat intelligence, and zero-trust security. With its multi-layered defense architecture and robust feature set, FortiOS is a powerful solution for any organization seeking to protect their network infrastructure.

Summary of  CVE-2022-42475:

This is a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. It allows an unauthenticated, remote attack to execute arbitrary code or commands on devices running vulnerable versions of ForitOS. This vulnerability is rated Critical and assigned a CVSS score of 9.3 out of 10. Attackers could exploit this vulnerability just by sending a specially crafted HTTP(S) request. According to the vendor, more details about the flaw is undisclosed due to security reasons.

FortiOS Versions Affected by CVE-2022-42475

There are multiple versions of ForitOS affected by this heap-based buffer overflow vulnerability in FortiOS SSL-VPN.

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

How to Fix CVE-2022-42475- A Critical Buffer Overflow Vulnerability in FortiOS SSL-VPN?

Fortinet acknowledged the vulnerability by releasing the emergency patch on Dec 12th. All the users of the vulnerable version of FrotiOS are advised to upgrade their appliances running FortiOS versions 7.2.3, 7.0.9, 6.4.11, and 6.2.12 and FortiOS-6K7K versions 7.0.8, 6.4.10, 6.2.12, and 6.0.15.

See Also  Protect Your Online Business from DDoS Attacks with These DDoS Protection Tools and Techniques
Vulnerable VersionPatched Version
FortiOS version 7.2.0 through 7.2.27.2.3 or above
FortiOS version 7.0.0 through 7.0.87.0.9 or above
FortiOS version 6.4.0 through 6.4.106.4.11 or above
FortiOS version 6.2.0 through 6.2.116.2.12 or above
FortiOS-6K7K version 7.0.0 through 7.0.77.0.8 or above
FortiOS-6K7K version 6.4.0 through 6.4.96.4.10 or above
FortiOS-6K7K version 6.2.0 through 6.2.116.2.12 or above
FortiOS-6K7K version 6.0.0 through 6.0.146.0.15 or above

We recommend that users who can’t go for an upgrade immediately make the web console inaccessible from the public network and cover the admin console behind a VPN Firewall to access it from a remote place. In addition to this, Fortinet recommends users immediately validate their systems against the following indicators of compromise:

IOCs:

Multiple log entries with:

Logdesc=”Application crashed” and msg=”[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]“

Presence of the following artifacts in the filesystem:

  • /data/lib/libips.bak
  • /data/lib/libgif.so
  • /data/lib/libiptcp.so
  • /data/lib/libipudp.so
  • /data/lib/libjepg.so
  • /var/.sslvpnconfigbk
  • /data/etc/wxd.conf
  • /flash

Connections to suspicious IP addresses from the FortiGate:

  • 188.34.130.40:444
  • 103.131.189.143:30080,30081,30443,20443
  • 192.36.119.61:8443,444
  • 172.247.168.153:8033

How to Upgrade FortiOS?

If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image. For the recommended upgrade path, see Upgrade Path Tool.

Time needed: 15 minutes

How to Upgrade FortiOS?

  1. Log in to the console as an administrator

    Log into the FortiGate GUI as the admin administrative user.

  2. Go to Fabric Management to see the Version info

    Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).

  3. Open the Upgrade pane

    Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.

  4. See the available upgrades

    Click All Upgrades. The available firmware versions are displayed.

  5. Select the target firmware, and see the upgrade options

    You can instruct FortiOS to follow the upgrade path (referred to as a federated upgrade) or upgrade directly to the selected firmware version.

  6. Initiate the upgrade process

    Select Follow upgrade path, and click Confirm and Backup Config. Then click Continue to initiate the upgrade. The FortiGate will take the backup of current configurations, transfer to the management computer, uploads the firmware image file, upgrade the firmware, and at last, reboot itself. This completes the upgradation of the FrotiOS. 

We hope this post would help you know  how to fix CVE-2022-42475, a critical buffer overflow vulnerability in FortiOS SSL-VPN. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instagram, and subscribe to receive updates like this. 

Read More:

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.