
Remote FortiOS SSL-VPN (CVE-2022-42475)

ccs

HDD-drive
User
Registered
07.08.2022
Messages
30
Reactions
14
CVE: CVE-2022-42475
Affected program: FortiOS SSL-VPN
Vendor: Fortinet
Affected version: 7.2.2, 7.2.1, 7.2.0, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.11, 6.2.10, 6.2.1, 6.2.0
Fixed version: FortiOS (7.2.3, 7.0.9, 6.4.11, 6.2.12), FortiOS-6K7K (7.0.8, 6.4.10, 6.2.12, 6.0.15)
Type of vulnerability: Execute unauthorized code or commands
CVSS: Critical (9.3)
Description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Fortinet is aware of an instance where this vulnerability was exploited in the wild.
 

