13 December 2022 Published at 14.00
* CVSS score provided by Fortinet; it has not been assessed by MITRE/NVD and may be subject to change at short notice.
On the 12th of December, Fortinet confirmed the presence of a high-severity vulnerability in the FortiOS SSL VPN service that may allow remote, unauthenticated attackers to execute arbitrary code or commands via specifically crafted requests.
Fortinet have confirmed at least one instance of this being exploited in the wild.
Affected versions:
– FortiOS version 7.2.0 through 7.2.2
– FortiOS version 7.0.0 through 7.0.8
– FortiOS version 6.4.0 through 6.4.10
– FortiOS version 6.2.0 through 6.2.11
– FortiOS-6K7K version 7.0.0 through 7.0.7
– FortiOS-6K7K version 6.4.0 through 6.4.9
– FortiOS-6K7K version 6.2.0 through 6.2.11
– FortiOS-6K7K version 6.0.0 through 6.0.14
Fixed versions (upgrade to):
– FortiOS version 7.2.3 or above
– FortiOS version 7.0.9 or above
– FortiOS version 6.4.11 or above
– FortiOS version 6.2.12 or above
– FortiOS-6K7K version 7.0.8 or above
– FortiOS-6K7K version 6.4.10 or above
– FortiOS-6K7K version 6.2.12 or above
– FortiOS-6K7K version 6.0.15 or above
Updates and patches have been available since December 7th 2022.
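As an added triage helper, not part of the Adarma or Fortinet advisory, the check below encodes the affected and fixed ranges listed above and flags inventory entries that still fall inside them. The branch labels, hostnames and build strings are assumed or constructed for the example.

```python
import re
from typing import Iterable, List, Optional, Tuple
# (lowest affected, highest affected, first fixed) per branch, from the lists above.
AFFECTED_RANGES = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 8), (7, 0, 9)),
        ((6, 4, 0), (6, 4, 10), (6, 4, 11)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    ],
    "FortiOS-6K7K": [
        ((7, 0, 0), (7, 0, 7), (7, 0, 8)),
        ((6, 4, 0), (6, 4, 9), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
        ((6, 0, 0), (6, 0, 14), (6, 0, 15)),
    ],
}

# Picks "v7.2.1" out of e.g. "FortiGate-100F v7.2.1,build1255,221018 (GA.F)".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a version string or 'get system status' line."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)

def assess(branch: str, version_text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first fixed release); 'not affected' refers to this advisory only."""
    version = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES[branch]:
        if low <= version <= high:  # the advisory's "through" ranges are inclusive
            return True, ".".join(map(str, fixed))
    return False, None

def affected_devices(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Rows are (hostname, branch, version string); returns hosts still inside an
    affected range together with the release they need to move to."""
    results = [(host, assess(branch, v)) for host, branch, v in inventory]
    return [(host, fixed) for host, (hit, fixed) in results if hit]

# Constructed sample inventory (hypothetical hostnames and build strings).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.2.2,build1255,221018 (GA.F)"),
    ("fw-edge-02", "FortiOS", "v7.2.3,build1262,221121 (GA.F)"),
    ("fw-chassis-01", "FortiOS-6K7K", "v6.0.14,build0000 (GA)"),
]
```

Feed it the version line from each device's `get system status` output; a device on a branch or release the advisory does not list comes back as not affected by this advisory only.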
Fortinet have released the following indicators from the attack they observed in the wild; organisations running vulnerable versions should consider adding these to their block list.
– 34.130.40:444
– 131.189.143:30080,30081,30443,20443
– 36.119.61:8443,444
– 247.168.153:8033
If you are unsure if your organisation may be affected by this vulnerability, please contact the Adarma team on help@adarma.com and one of our experts will be in touch.
You can read Fortinet’s full advisory here.