Voyager18 (research)

How to fix CVE-2022-42475 in FortiOS

This blog covers everything you need to know about CVE-2022-42475. What it is, whether or not it affects you, and how to fix it.

Bar Lanyado | December 13, 2022

On December 12th, cybersecurity company Fortinet released an advisory outlining CVE-2022-42475 – a vulnerability affecting its FortiOS operating system. With FortiOS being in widespread use across organizations, here’s everything you need to know about this latest critical vulnerability.

What is CVE-2022-42475 ?

CVE-2022-42475 is a heap-based buffer overflow that affects many FortiOS versions and has a CVSSv3 score of 9.3. With a specially constructed request, a remote, unauthenticated attacker might take advantage of this vulnerability and execute code.

Does CVE-2022-42475 affect me?

Potentially. You’re affected if you use the FortiOS SSL-VPN with any of the following versions:

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

Has CVE-2022-42475 been actively exploited in the wild?

According to FortiGuard Labs, yes.

In order to detect whether or not you have been exploited, check to see if you have:

  • Multiple log entries with:
    Logdesc=”Application crashed” and msg=”[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]“
  • Presence of the following artifacts in the filesystem:
    • /data/lib/libips.bak
    • /data/lib/
    • /data/lib/
    • /data/lib/
    • /data/lib/
    • /var/.sslvpnconfigbk
    • /data/etc/wxd.conf
    • /flash
  • Connections to suspicious IP addresses from FortiGate:


How to fix CVE-2022-42475 

You can mitigate the risk of CVE-2022-42475 by upgrading your FortiOS to:

  • FortiOS version 7.2.3 and above
  • FortiOS version 7.0.9 or above
  • FortiOS version 6.4.11 or above
  • FortiOS version 6.2.12 or above
  • FortiOS-6K7K version 7.0.8 or above
  • FortiOS-6K7K version 6.4.10 or above
  • FortiOS-6K7K version 6.2.12 or above
  • FortiOS-6K7K version 6.0.15 or above

Before you go

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. Cyber risk in 2022- a 360° view report 
  2. MITRE ATTACK framework – Mapping techniques to CVEs 
  3. Exploit maturity: an introduction 
  4. How to properly tackle zero-day threats 
  5. Threat intelligence frameworks in 2022 

And finally…

Don’t get caught cold by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy