Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Dec 13, 2022 | Ravie Lakshmanan | Virtual Private Network / Network Security

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild.

Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests.

The company said it’s “aware of an instance where this vulnerability was exploited in the wild,” urging customers to move quickly to apply the updates.

The following products are impacted by the issue:

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

Patches are available in FortiOS versions 7.2.3, 7.0.9, 6.4.11, and 6.2.12 as well as FortiOS-6K7K versions 7.0.8, 6.4.10, 6.2.12, and 6.0.15.
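
To check a device inventory against the ranges and fixed releases listed above, here is an added example (not from Fortinet or the original article). The function names, status labels and sample hostnames are assumptions made for illustration.

```python
# Affected ranges and fixed releases are copied from the article text.
# Hostnames in SAMPLE_INVENTORY are constructed for illustration.
AFFECTED = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2), "7.2.3"),
        ((7, 0, 0), (7, 0, 8), "7.0.9"),
        ((6, 4, 0), (6, 4, 10), "6.4.11"),
        ((6, 2, 0), (6, 2, 11), "6.2.12"),
    ],
    "FortiOS-6K7K": [
        ((7, 0, 0), (7, 0, 7), "7.0.8"),
        ((6, 4, 0), (6, 4, 9), "6.4.10"),
        ((6, 2, 0), (6, 2, 11), "6.2.12"),
        ((6, 0, 0), (6, 0, 14), "6.0.15"),
    ],
}

SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.8"),
    ("fw-edge-02", "FortiOS", "7.2.3"),
    ("fw-core-01", "FortiOS-6K7K", "6.4.10"),
    ("fw-branch-07", "FortiOS", "v6.4.10"),
]


def parse_version(text):
    """Turn '6.4.10' or 'v6.4.10' into (6, 4, 10) so 6.4.9 sorts below 6.4.10."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def triage(product, version):
    """Return (status, fixed_release); 'not-listed' means outside the article's ranges, not 'safe'."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        return ("unknown-product", None)
    v = parse_version(version)
    for low, high, fixed in ranges:
        if low <= v <= high:
            return ("affected", fixed)
    return ("not-listed", None)


def triage_inventory(rows):
    """rows: (hostname, product, version) tuples. Returns affected hosts with the release to move to."""
    results = ((host, ver, triage(prod, ver)) for host, prod, ver in rows)
    return [(host, ver, t[1]) for host, ver, t in results if t[0] == "affected"]
```

Version 6.4.10 is the fixed release for FortiOS-6K7K but still affected on FortiOS, so the product line has to be part of the lookup key.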

The American network security company has also published indicators of compromise (IoCs) associated with the exploitation attempts, including the IP addresses and the artifacts that are present in the file system after a successful attack.

The advisory comes two months after Fortinet warned of active weaponization of another critical authentication bypass bug in FortiOS, FortiProxy, and FortiSwitchManager (CVE-2022-40684, CVSS score: 9.6).
