CVE-2022-42475
Published: 02 January 2023
Summary
CVE-2022-42475 is a critical-severity vulnerability in the SSL-VPN component of Fortinet FortiOS and FortiProxy. It is catalogued as a Numeric Truncation Error (CWE-197); Fortinet's own advisory describes it as a heap-based buffer overflow (CWE-122). Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by EPSS exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A heap-based buffer overflow vulnerability exists in the SSL-VPN components of FortiOS versions 7.2.0-7.2.2, 7.0.0-7.0.8, 6.4.0-6.4.10, 6.2.0-6.2.11, and 6.0.15 and earlier, as well as FortiProxy versions 7.2.0-7.2.1 and 7.0.7 and earlier. The flaw, tracked as CWE-122, permits remote attackers to supply specially crafted requests that corrupt heap memory.
An unauthenticated attacker with network access can exploit the issue to execute arbitrary code or commands on the affected device. The vulnerability carries a CVSS 3.1 score of 9.8, reflecting that no user interaction or credentials are required and that the impact spans confidentiality, integrity, and availability.
Fortinet advisory FG-IR-22-398 recommends applying the vendor-supplied patches or upgrading to fixed releases. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The associated EPSS score (the estimated probability of exploitation activity within the next 30 days) currently stands at 0.9401 with a peak of 0.9406, indicating sustained and substantial exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-45545
Vulnerability details
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
- CWE(s): CWE-122 (Heap-based Buffer Overflow); also catalogued as CWE-197 (Numeric Truncation Error)
- KEV Date Added: 13 December 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- FortiOS SSL-VPN 7.2.0 through 7.2.2
- FortiOS SSL-VPN 7.0.0 through 7.0.8
- FortiOS SSL-VPN 6.4.0 through 6.4.10
- FortiOS SSL-VPN 6.2.0 through 6.2.11
- FortiOS SSL-VPN 6.0.15 and earlier
- FortiProxy SSL-VPN 7.2.0 through 7.2.1
- FortiProxy SSL-VPN 7.0.7 and earlier
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely installation of the vendor patches Fortinet released to eliminate the heap buffer overflow in SSL-VPN.
- SI-10 (Information Input Validation): mandates validation of all input to the SSL-VPN interface, blocking the malformed requests that trigger the CWE-122 overflow and code execution.
- SC-7 (Boundary Protection): enforces boundary protection and traffic filtering on the SSL-VPN portal, limiting the unauthenticated remote access the attack requires.
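The affected-version ranges quoted in the analysis above and the SI-2 / SC-7 controls listed here come down to one practical question per device: is it in an affected range, and is its SSL-VPN portal reachable by an unauthenticated attacker? The following Python script is an added example, not code from Fortinet or from this page. It encodes only the FortiOS and FortiProxy ranges the advisory text states, parses either a bare version or a line in the shape of FortiOS `get system status` output, and assumes an inventory that records an `sslvpn_exposed` attribute; the hostnames, version strings and exposure flags below are constructed for illustration.

```python
"""Version triage for CVE-2022-42475 (FG-IR-22-398).

Added example, not Fortinet code. Encodes only the affected FortiOS /
FortiProxy SSL-VPN ranges quoted in the advisory; the inventory and its
`sslvpn_exposed` attribute are assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class AffectedRange:
    product: str
    low: Optional[Version]   # None means "and earlier" (no lower bound)
    high: Version            # inclusive upper bound

    def contains(self, v: Version) -> bool:
        # Tuple comparison gives numeric ordering (7.0.10 > 7.0.8, unlike strings).
        return v <= self.high and (self.low is None or v >= self.low)


# Ranges exactly as stated in FG-IR-22-398 and the page text above.
AFFECTED = (
    AffectedRange("FortiOS", (7, 2, 0), (7, 2, 2)),
    AffectedRange("FortiOS", (7, 0, 0), (7, 0, 8)),
    AffectedRange("FortiOS", (6, 4, 0), (6, 4, 10)),
    AffectedRange("FortiOS", (6, 2, 0), (6, 2, 11)),
    AffectedRange("FortiOS", None, (6, 0, 15)),        # "6.0.15 and earlier"
    AffectedRange("FortiProxy", (7, 2, 0), (7, 2, 1)),
    AffectedRange("FortiProxy", None, (7, 0, 7)),      # "7.0.7 and earlier"
)

# Matches "7.0.5" or the "v7.0.5,build0304" form seen in `get system status`.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch; raises ValueError if no version is present."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no major.minor.patch version in {text!r}")
    major, minor, patch = (int(part) for part in m.groups())
    return (major, minor, patch)


def matched_range(product: str, version_text: str) -> Optional[AffectedRange]:
    """Return the affected range the device falls in, or None if not affected."""
    v = parse_version(version_text)
    for r in AFFECTED:
        if r.product == product and r.contains(v):
            return r
    return None


def is_affected(product: str, version_text: str) -> bool:
    return matched_range(product, version_text) is not None


def verdict(product: str, version_text: str, sslvpn_exposed: bool) -> str:
    """The flaw is pre-auth, so reachability of the SSL-VPN portal (an assumed
    inventory attribute) decides urgency, not whether the fix exists."""
    if not is_affected(product, version_text):
        return "not affected"
    if sslvpn_exposed:
        return "patch now: affected and SSL-VPN reachable"
    return "affected: SSL-VPN not reachable, patch in next window"


# Constructed inventory: (hostname, product, version string, SSL-VPN exposed).
SAMPLE_INVENTORY = (
    ("fw-edge-01", "FortiOS", "Version: FortiGate-100F v7.0.5,build0304,220318 (GA)", True),
    ("fw-edge-02", "FortiOS", "v7.2.3", True),
    ("fw-branch-03", "FortiOS", "6.0.12", False),
    ("proxy-01", "FortiProxy", "7.0.7", True),
    ("proxy-02", "FortiProxy", "7.2.2", True),
)


def triage(inventory=SAMPLE_INVENTORY) -> dict:
    """Map each hostname to its triage verdict."""
    return {host: verdict(product, ver, exposed)
            for host, product, ver, exposed in inventory}


if __name__ == "__main__":
    for host, result in triage().items():
        print(f"{host:14} {result}")
```

Two points worth noting when reusing this: "6.0.15 and earlier" is encoded as an open lower bound, so an end-of-life 5.x FortiOS is reported as affected rather than silently skipped, and a version string without a parseable major.minor.patch raises rather than being treated as safe.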