CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-42475

CVSS 9.8v3.1pub. 2023-01-02upd. 2025-10-24

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fim 7901e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fim 7904e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fim 7910e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fim 7920e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fim 7921f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fim 7941f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6300f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6300f Dc

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6500f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6500f Dc

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6501f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6501f Dc

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6601f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 6601f Dc

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 7030e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 7040e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 7060e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fortigate 7121f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet FortiOS

    OS
    Fortinet
    5.0.0 – 5.0.145.2.0 – 5.2.155.4.0 – 5.4.135.6.0 – 5.6.146.0.0 – 6.0.16 (bez)6.2.0 – 6.2.12 (bez)6.4.0 – 6.4.11 (bez)7.0.0 – 7.0.9 (bez)7.2.0 – 7.2.3 (bez)6.0.0 – 6.0.15 (bez)6.4.0 – 6.4.10 (bez)7.0.0 – 7.0.8 (bez)
  • Fortinet Fortiproxy

    APP
    Fortinet
    7.2.0 – 7.2.2 (bez)7.0.0 – 7.0.8 (bez)2.0.0 – 2.0.12 (bez)1.2.0 – 1.2.131.1.0 – 1.1.61.0.0 – 1.0.7
  • Fortinet Fpm 7620e

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fpm 7620f

    HW
    Fortinet
    wszystkie wersje
  • Fortinet Fpm 7630e

    HW
    Fortinet
    wszystkie wersje

CISA KEV — detailsi

Vendori
Fortinet
Producti
FortiOS
Added to KEVi
December 13, 2022
Remediation deadline (US Federal)i
January 3, 2023(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 3 stycznia 2023
Tags
RCEAuth BypassMemoryFirewallVPN
CWE
References

Related vulnerabilities

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML

CVE-2024-55591CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin

CVE-2024-23113CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager

CVE-2024-21762CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia