A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet Fim 7901e
HWFortinetwszystkie wersjeFortinet Fim 7904e
HWFortinetwszystkie wersjeFortinet Fim 7910e
HWFortinetwszystkie wersjeFortinet Fim 7920e
HWFortinetwszystkie wersjeFortinet Fim 7921f
HWFortinetwszystkie wersjeFortinet Fim 7941f
HWFortinetwszystkie wersjeFortinet Fortigate 6300f
HWFortinetwszystkie wersjeFortinet Fortigate 6300f Dc
HWFortinetwszystkie wersjeFortinet Fortigate 6500f
HWFortinetwszystkie wersjeFortinet Fortigate 6500f Dc
HWFortinetwszystkie wersjeFortinet Fortigate 6501f
HWFortinetwszystkie wersjeFortinet Fortigate 6501f Dc
HWFortinetwszystkie wersjeFortinet Fortigate 6601f
HWFortinetwszystkie wersjeFortinet Fortigate 6601f Dc
HWFortinetwszystkie wersjeFortinet Fortigate 7030e
HWFortinetwszystkie wersjeFortinet Fortigate 7040e
HWFortinetwszystkie wersjeFortinet Fortigate 7060e
HWFortinetwszystkie wersjeFortinet Fortigate 7121f
HWFortinetwszystkie wersjeFortinet FortiOS
OSFortinet5.0.0 – 5.0.145.2.0 – 5.2.155.4.0 – 5.4.135.6.0 – 5.6.146.0.0 – 6.0.16 (bez)6.2.0 – 6.2.12 (bez)6.4.0 – 6.4.11 (bez)7.0.0 – 7.0.9 (bez)7.2.0 – 7.2.3 (bez)6.0.0 – 6.0.15 (bez)6.4.0 – 6.4.10 (bez)7.0.0 – 7.0.8 (bez)Fortinet Fortiproxy
APPFortinet7.2.0 – 7.2.2 (bez)7.0.0 – 7.0.8 (bez)2.0.0 – 2.0.12 (bez)1.2.0 – 1.2.131.1.0 – 1.1.61.0.0 – 1.0.7Fortinet Fpm 7620e
HWFortinetwszystkie wersjeFortinet Fpm 7620f
HWFortinetwszystkie wersjeFortinet Fpm 7630e
HWFortinetwszystkie wersje
CISA KEV — detailsi
- Vendori
- Fortinet ↗
- Producti
- FortiOS
- Added to KEVi
- December 13, 2022
- Remediation deadline (US Federal)i
- January 3, 2023(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Related vulnerabilities
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin
Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager
Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia