A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-398 | Exploit Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
| AND |
|
History
07 Nov 2023, 03:53
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. |
09 Jan 2023, 17:30
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-787 | |
| First Time |
Fortinet fortios
Fortinet fpm-7620e Fortinet fim-7904e Fortinet fortigate-6501f-dc Fortinet fortiproxy Fortinet fortigate-6501f Fortinet fim-7901e Fortinet fortigate-7121f Fortinet fim-7910e Fortinet fim-7920e Fortinet fortigate-6601f-dc Fortinet fpm-7630e Fortinet fim-7941f Fortinet fortigate-6300f-dc Fortinet fortigate-7040e Fortinet fortigate-6500f-dc Fortinet fim-7921f Fortinet fpm-7620f Fortinet Fortinet fortigate-7030e Fortinet fortigate-6601f Fortinet fortigate-6300f Fortinet fortigate-6500f Fortinet fortigate-7060e |
|
| References | (MISC) https://fortiguard.com/psirt/FG-IR-22-398 - Exploit, Mitigation, Vendor Advisory | |
| CPE | cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:* |
02 Jan 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-01-02 09:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-42475
Mitre link : CVE-2022-42475
CVE.ORG link : CVE-2022-42475
JSON object : View
Products Affected
fortinet
- fim-7910e
- fim-7901e
- fortiproxy
- fim-7920e
- fortigate-6300f-dc
- fim-7921f
- fortigate-6300f
- fortigate-6500f-dc
- fpm-7620f
- fpm-7630e
- fortigate-7030e
- fpm-7620e
- fortigate-6500f
- fortigate-6601f-dc
- fortigate-6501f-dc
- fortigate-7040e
- fortigate-6501f
- fortigate-7121f
- fortigate-6601f
- fim-7904e
- fortios
- fim-7941f
- fortigate-7060e