ChatGPT for cyber risk management: an opportunity, or a threat? | Read here >>

CVE-2022-3656 in Google Chrome: How to fix the new “SymStealer” vulnerability | Read here >>

New report: Get a 360° view of the cyber risk landscape in 2022 and recommendations for 2023 | See the full report >> 


Voyager18 (research)

How to fix CVE-2022-42475 in FortiOS

This blog covers everything you need to know about CVE-2022-42475. What it is, whether or not it affects you, and how to fix it.

Bar Lanyado | December 13, 2022

On December 12th, Fortinet published an advisory for CVE-2022-42475, a critical vulnerability in the SSL-VPN component of its FortiOS operating system. With FortiOS devices sitting at the network edge of many organizations, here’s everything you need to know about this latest critical vulnerability.

What is CVE-2022-42475?

CVE-2022-42475 is a heap-based buffer overflow in the FortiOS SSL-VPN daemon (sslvpnd) that affects many FortiOS versions and carries a CVSSv3 score of 9.3. A remote, unauthenticated attacker can exploit it by sending specially crafted requests to the SSL-VPN interface and execute arbitrary code on the device. No credentials are needed, which is why an exposed SSL-VPN portal on an affected version should be treated as an urgent patching priority.

Does CVE-2022-42475 affect me?

Potentially. You’re affected if you run the FortiOS SSL-VPN on any of the following versions (note that FortiOS and FortiOS-6K7K are separate product lines with different affected ranges):

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

Has CVE-2022-42475 been actively exploited in the wild?

According to FortiGuard Labs, yes. Fortinet states that it is aware of exploitation of this vulnerability in the wild.

To check whether your device has been exploited, look for the indicators of compromise published with the advisory:

  • Multiple log entries with:
    logdesc="Application crashed" and msg="[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]"
  • Presence of the following artifacts in the filesystem:
    • /data/lib/libips.bak
    • /data/lib/libgif.so
    • /data/lib/libiptcp.so
    • /data/lib/libipudp.so
    • /data/lib/libjepg.so
    • /var/.sslvpnconfigbk
    • /data/etc/wxd.conf
    • /flash
  • Outbound connections from the FortiGate to the following IP addresses and ports:
    • 188.34.130.40:444
    • 103.131.189.143:30080,30081,30443,20443
    • 192.36.119.61:8443,444
    • 172.247.168.153:8033
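The three checks above, implemented as an added example (this is the editor's illustration, not code from the original post or from Fortinet): it parses FortiOS key=value event log lines and matches the sslvpnd crash signature, compares a filesystem listing against the artifact paths, and matches outbound connection records against the IP:port list. The log lines, paths and connection records below are constructed samples; in practice you would feed in a syslog or FortiAnalyzer export of the device's event log, a file listing from the device, and firewall or NetFlow records of the FortiGate's own outbound traffic.

```python
import re

# Indicators copied from the advisory list reproduced above.
ARTIFACT_PATHS = {
    "/data/lib/libips.bak",
    "/data/lib/libgif.so",
    "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so",
    "/data/lib/libjepg.so",   # sic: the attacker's file really is spelled "jepg"
    "/var/.sslvpnconfigbk",
    "/data/etc/wxd.conf",
    "/flash",
}
IOC_ENDPOINTS = {
    "188.34.130.40": {444},
    "103.131.189.143": {30080, 30081, 30443, 20443},
    "192.36.119.61": {8443, 444},
    "172.247.168.153": {8033},
}

# key=value pairs; a value is either a double-quoted string (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortilog(line):
    """Parse one FortiOS key=value log line into a dict (keys lower-cased, quotes stripped)."""
    fields = {}
    for key, val in KV_RE.findall(line):
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]
        fields[key.lower()] = val
    return fields


def is_sslvpnd_crash(fields):
    """Match the advisory signature: sslvpnd terminated by SIGSEGV (Signal 11)."""
    if fields.get("logdesc") != "Application crashed":
        return False
    msg = fields.get("msg", "")
    return "application:sslvpnd" in msg and "Signal 11 received" in msg


def scan_logs(lines, threshold=2):
    """Return (crash_count, flagged); flagged is True once 'multiple' sslvpnd crashes are seen."""
    count = sum(1 for line in lines if is_sslvpnd_crash(parse_fortilog(line)))
    return count, count >= threshold


def scan_paths(observed_paths):
    """Return the advisory artifact paths present in observed_paths (a filesystem listing)."""
    return sorted(ARTIFACT_PATHS.intersection(observed_paths))


def scan_connections(connections):
    """connections: iterable of (dst_ip, dst_port). Return (ip, port) pairs on the IoC list."""
    hits = []
    for ip, port in connections:
        port = int(port)
        if port in IOC_ENDPOINTS.get(ip, ()):
            hits.append((ip, port))
    return hits


# Constructed sample data (not captured from a real device), shaped like FortiOS event logs.
SAMPLE_LOGS = [
    'date=2022-12-12 time=10:01:02 logid="0100032002" type="event" subtype="system" level="critical" '
    'logdesc="Application crashed" msg="Pid: 1234, application:sslvpnd, Signal 11 received, Backtrace: [0x00ef6dd8]"',
    'date=2022-12-12 time=10:01:05 logid="0100032002" type="event" subtype="system" level="critical" '
    'logdesc="Application crashed" msg="Pid: 1250, application:sslvpnd, Signal 11 received, Backtrace: [0x00ef6dd8]"',
    # A crash in a different daemon must not be counted.
    'date=2022-12-12 time=10:02:00 logid="0100032002" type="event" subtype="system" level="critical" '
    'logdesc="Application crashed" msg="Pid: 900, application:httpsd, Signal 11 received, Backtrace: [0x0001]"',
    'date=2022-12-12 time=10:03:00 logid="0100032001" type="event" subtype="system" level="notice" '
    'logdesc="Admin login successful" msg="Administrator admin logged in successfully from ssh"',
]
SAMPLE_PATHS = ["/data/lib/libips.so", "/data/lib/libips.bak", "/data/lib/libjepg.so", "/data/etc/fortinet.conf"]
SAMPLE_CONNECTIONS = [("188.34.130.40", 444), ("188.34.130.40", 443), ("103.131.189.143", "30443"), ("8.8.8.8", 53)]


def report(logs=SAMPLE_LOGS, paths=SAMPLE_PATHS, connections=SAMPLE_CONNECTIONS):
    """Aggregate the three checks into one verdict dict."""
    crashes, crash_flag = scan_logs(logs)
    artifacts = scan_paths(paths)
    c2 = scan_connections(connections)
    return {
        "sslvpnd_crashes": crashes,
        "artifacts": artifacts,
        "c2_connections": c2,
        "suspect": crash_flag or bool(artifacts) or bool(c2),
    }


if __name__ == "__main__":
    print(report())
```

A single sslvpnd crash is not proof of exploitation (the daemon can also crash for other reasons), which is why the log check counts crashes and only flags on repeats, while any artifact path or IoC connection is treated as a hit on its own.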


How to fix CVE-2022-42475

Fix CVE-2022-42475 by upgrading FortiOS to a patched release for your product line:

  • FortiOS version 7.2.3 or above
  • FortiOS version 7.0.9 or above
  • FortiOS version 6.4.11 or above
  • FortiOS version 6.2.12 or above
  • FortiOS-6K7K version 7.0.8 or above
  • FortiOS-6K7K version 6.4.10 or above
  • FortiOS-6K7K version 6.2.12 or above
  • FortiOS-6K7K version 6.0.15 or above

Upgrading closes the vulnerability but does not undo an existing compromise. Since the bug has been exploited in the wild, check the indicators above before and after the upgrade; if any are present, treat the device as compromised and follow your incident response process rather than simply patching it.
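An added example (the editor's illustration, not Fortinet's tooling) that turns the affected list in the "Does CVE-2022-42475 affect me?" section and the fixed versions above into a triage check: given a version string as it appears in a FortiOS "get system status" banner, it reports whether the device falls inside an affected range and which fixed build it needs. Versions are compared as integer tuples because a plain string comparison puts 6.4.10 before 6.4.9, and the product line is part of the lookup because FortiOS 7.0.8 is vulnerable while FortiOS-6K7K 7.0.8 is the fix. Device names and version banners are constructed.

```python
import re

# Affected ranges as listed on this page (inclusive at both ends), with the fixed build
# for each branch, keyed by product line.
AFFECTED = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 8), (7, 0, 9)),
        ((6, 4, 0), (6, 4, 10), (6, 4, 11)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    ],
    "FortiOS-6K7K": [
        ((7, 0, 0), (7, 0, 7), (7, 0, 8)),
        ((6, 4, 0), (6, 4, 9), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
        ((6, 0, 0), (6, 0, 14), (6, 0, 15)),
    ],
}

# Matches "v7.0.8" on its own or embedded in a banner such as "FortiGate-100F v7.0.8,build0418".
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch) as ints so that 6.4.10 sorts after 6.4.9 (strings would not)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def fmt(version):
    return ".".join(str(x) for x in version)


def assess(version_text, product="FortiOS"):
    """Classify a version against the page's tables.

    Returns (status, fixed_version): "vulnerable" when inside an affected range,
    "fixed" when on the same branch at or past the fixed build, "not-listed" when
    the branch does not appear on this page for that product line.
    """
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED[product]:
        if v[:2] != low[:2]:
            continue  # different release branch (e.g. 7.2 vs 7.0)
        # Every fixed build on the page is the release immediately after the affected range,
        # so anything on the branch above the range is at or past the fix.
        status = "vulnerable" if low <= v <= high else "fixed"
        return status, fmt(fixed)
    return "not-listed", None


# Constructed inventory (not real devices): name, product line, version banner.
SAMPLE_DEVICES = [
    ("fw-edge-01", "FortiOS", "v7.0.8,build0418"),
    ("fw-edge-02", "FortiOS", "v7.2.3,build1262"),
    ("fw-edge-03", "FortiOS", "v6.4.10,build2486"),
    ("fw-chassis-01", "FortiOS-6K7K", "v7.0.8,build0445"),
    ("fw-legacy-01", "FortiOS", "v6.0.14,build0408"),
]


def triage(devices=SAMPLE_DEVICES):
    """Return {device_name: (status, fixed_version)} for an inventory list."""
    return {name: assess(banner, product) for name, product, banner in devices}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:15} {verdict[0]:12} fix: {verdict[1]}")
```

"not-listed" deliberately does not mean "safe": it only says the page's tables have nothing for that branch and product line, so such devices should be checked against the current Fortinet advisory rather than assumed unaffected.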

Before you go

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. Cyber risk in 2022: a 360° view report 
  2. MITRE ATT&CK framework – Mapping techniques to CVEs 
  3. Exploit maturity: an introduction 
  4. How to properly tackle zero-day threats 
  5. Threat intelligence frameworks in 2022 

And finally…

Don’t get caught cold by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.