CVE-2022-42475

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-42475
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-398 Exploit Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:*
History

28 Jun 2024, 13:48

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico [CWE-122] en FortiOS SSL-VPN 7.2.0 a 7.2.2, 7.0.0 a 7.0.8, 6.4.0 a 6.4.10, 6.2.0 a 6.2.11, 6.0 .15 y anteriores y FortiProxy SSL-VPN 7.2.0 hasta 7.2.1, 7.0.7 y anteriores pueden permitir que un atacante remoto no autenticado ejecute código o comandos arbitrarios a través de solicitudes específicamente manipuladas.
CPE cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*

07 Nov 2023, 03:53

Type Values Removed Values Added
Summary A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Information

Published : 2023-01-02 09:15

Updated : 2024-06-28 13:48

NVD link : CVE-2022-42475

Mitre link : CVE-2022-42475

CVE.ORG link : CVE-2022-42475

JSON object : View

Products Affected

fortinet

  • fim-7941f
  • fortios
  • fim-7921f
  • fortigate-7060e
  • fim-7904e
  • fortigate-6501f-dc
  • fim-7920e
  • fortigate-7121f
  • fortiproxy
  • fortigate-6501f
  • fortigate-6300f
  • fim-7901e
  • fortigate-6500f-dc
  • fpm-7620f
  • fortigate-6601f
  • fim-7910e
  • fpm-7630e
  • fortigate-7040e
  • fortigate-7030e
  • fpm-7620e
  • fortigate-6500f
  • fortigate-6300f-dc
  • fortigate-6601f-dc
CWE
CWE-787

Out-of-bounds Write

CWE-197

Numeric Truncation Error


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024