Customers are urged by Fortinet to address actively exploited FortiOS SSL-VPN flaw

An actively exploited FortiOS SSL-VPN weakness that would have allowed a remote, unauthenticated attacker to run arbitrary code on devices been addressed by Fortinet

In order to address an actively exploited FortiOS SSL-VPN vulnerability, identified as CVE-2022-42475, which might be used by an unauthenticated, remote attacker to execute arbitrary code on devices, Fortinet recommends users to update their setups.

The CVE-2022-42475 flaw is a heap-based buffer overflow issue that resides in FortiOS sslvpnd.

“A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.” reads the advisory published by the security vendor. “Fortinet is aware of an instance where this vulnerability was exploited in the wild,”

Fortinet recommends its customers of checking the following indicators of compromise >>

Multiple log entries with:

Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]“

Presence of the following artifacts in the filesystem:

/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

Connections to suspicious IP addresses from the FortiGate:

188.34.130.40:444
103.131.189.143:30080,30081,30443,20443
192.36.119.61:8443,444
172.247.168.153:8033

The vulnerability was first disclosed by cybersecurity firm Olympe Cyberdefense

Below is the list of affected products:

FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14

Fortinet addressed the issue with the release of FortiOS 7.2.3.

Bookmark

Social Comments Box

About
Latest Posts

RiSec.Mitch

Just your average information security researcher from Delaware US.

Leave a Reply Cancel reply

JD Sports: Cyber Attack affects 10 million customers

InfoSec – A Newbie Guide – InfoSecurity

Google Open-Source Vulnerability Scanning Tool

Polymorphic Malware Produced by ChatGPT

Russian Hackers Repurpose Decade-Old Malware Infrastructure to Deploy New Backdoors

Dridex Banking Malware Targets MacOS users with a new delivery method

Microsoft Discloses Methods Employed by 4 Ransomware Families Aiming at macOS

$8 billion in cryptocurrency withdrawals strike US bank Silvergate

ieGeek Security Vulnerabilities still prevalent in 2022 IG20

Hacking Campaign Steals 10,000 Login Credentials From 130 Different Organizations

Google mitigates largest DDoS Attack in History – Peaked at 46 Million RPS

A Security Researcher Contacted Me – What should I do?

Google Chrome extensions can be easily fingerprinted to track you online

3 Steps To Better Account Security

HARDEN YOUR VPS: Steps to Hardening your VPS Security