
How to fix CVE-2022-42475 in FortiOS

This blog covers everything you need to know about CVE-2022-42475. What it is, whether or not it affects you, and how to fix it.

Bar Lanyado | December 13, 2022

On December 12th, cybersecurity company Fortinet released an advisory outlining CVE-2022-42475 – a vulnerability affecting its FortiOS operating system. With FortiOS being in widespread use across organizations, here’s everything you need to know about this latest critical vulnerability.

What is CVE-2022-42475?

CVE-2022-42475 is a heap-based buffer overflow in the FortiOS SSL-VPN that affects many FortiOS versions and carries a CVSSv3 score of 9.3. A remote, unauthenticated attacker who sends a specially crafted request may exploit it to execute code on the device.

Does CVE-2022-42475 affect me?

Potentially. You’re affected if you use the FortiOS SSL-VPN with any of the following versions:

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

Has CVE-2022-42475 been actively exploited in the wild?

According to FortiGuard Labs, yes.

To determine whether your device has already been exploited, check for the following indicators:

  • Multiple log entries with:
    Logdesc="Application crashed" and msg="[…] application:sslvpnd,[…], Signal 11 received, Backtrace: […]"
  • Presence of the following artifacts in the filesystem:
    • /data/lib/libips.bak
    • /data/lib/libgif.so
    • /data/lib/libiptcp.so
    • /data/lib/libipudp.so
    • /data/lib/libjepg.so
    • /var/.sslvpnconfigbk
    • /data/etc/wxd.conf
    • /flash
  • Connections from the FortiGate to the following suspicious IP addresses and ports:
    • 188.34.130.40:444
    • 103.131.189.143:30080,30081,30443,20443
    • 192.36.119.61:8443,444
    • 172.247.168.153:8033
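As an added example (not part of the original post or of Fortinet's advisory), a small Python triage helper that applies the three checks above to exported event-log lines, a listing of filesystem paths and a list of outbound (IP, port) connections; the sample input and the crash-repeat threshold are constructed assumptions, while the indicator values are the ones listed above.

```python
import re

# Crash signature from the advisory: sslvpnd dying with Signal 11 (SIGSEGV).
CRASH_RE = re.compile(
    r'logdesc="Application crashed".*application:sslvpnd.*Signal 11 received',
    re.IGNORECASE)

# Filesystem artifacts named in the advisory.
ARTIFACT_PATHS = {
    "/data/lib/libips.bak", "/data/lib/libgif.so", "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so", "/data/lib/libjepg.so", "/var/.sslvpnconfigbk",
    "/data/etc/wxd.conf", "/flash"}

# Network indicators named in the advisory, as (destination IP, port) pairs.
SUSPICIOUS_ENDPOINTS = {
    ("188.34.130.40", 444), ("103.131.189.143", 30080), ("103.131.189.143", 30081),
    ("103.131.189.143", 30443), ("103.131.189.143", 20443), ("192.36.119.61", 8443),
    ("192.36.119.61", 444), ("172.247.168.153", 8033)}

def count_sslvpnd_crashes(log_lines):
    """Number of event-log lines matching the sslvpnd crash signature."""
    return sum(1 for line in log_lines if CRASH_RE.search(line))

def find_artifacts(present_paths):
    """Advisory artifact paths found among the paths present on the device."""
    return sorted(ARTIFACT_PATHS.intersection(present_paths))

def find_suspicious_connections(connections):
    """Outbound (ip, port) pairs from the FortiGate matching the advisory list."""
    return sorted(set(connections).intersection(SUSPICIOUS_ENDPOINTS))

def assess(log_lines, present_paths, connections, crash_threshold=2):
    """Collect findings; 'suspect' is True when any indicator fires. A lone
    sslvpnd crash may be benign, so crashes count only once they repeat
    (crash_threshold is this example's assumption, not the advisory's)."""
    crashes = count_sslvpnd_crashes(log_lines)
    artifacts = find_artifacts(present_paths)
    conns = find_suspicious_connections(connections)
    return {"crashes": crashes, "artifacts": artifacts, "connections": conns,
            "suspect": crashes >= crash_threshold or bool(artifacts) or bool(conns)}

# Constructed sample input (not real device data) that exercises every check.
SAMPLE_LOGS = [
    'date=2022-12-12 time=01:02:03 logdesc="Application crashed" msg="Pid: 101, '
    'application:sslvpnd, Signal 11 received, Backtrace: [0x00400000]"',
    'date=2022-12-12 time=01:02:09 logdesc="Application crashed" msg="Pid: 102, '
    'application:sslvpnd, Signal 11 received, Backtrace: [0x00400000]"',
    'date=2022-12-12 time=01:05:00 logdesc="Admin login successful" msg="admin in"']
SAMPLE_PATHS = ["/data/lib/libips.so", "/data/lib/libips.bak", "/data/etc/wxd.conf"]
SAMPLE_CONNS = [("203.0.113.5", 443), ("103.131.189.143", 30443)]
```

Run `assess(SAMPLE_LOGS, SAMPLE_PATHS, SAMPLE_CONNS)` to see all three indicators fire on the constructed sample; feed it your own exported logs, a `find`-style path listing and session-table entries for a real check.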


How to fix CVE-2022-42475

You can fix CVE-2022-42475 by upgrading FortiOS to one of the following patched versions:

  • FortiOS version 7.2.3 or above
  • FortiOS version 7.0.9 or above
  • FortiOS version 6.4.11 or above
  • FortiOS version 6.2.12 or above
  • FortiOS-6K7K version 7.0.8 or above
  • FortiOS-6K7K version 6.4.10 or above
  • FortiOS-6K7K version 6.2.12 or above
  • FortiOS-6K7K version 6.0.15 or above

Before you go

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. Cyber risk in 2022 - a 360° view report
  2. MITRE ATT&CK framework – Mapping techniques to CVEs
  3. Exploit maturity: an introduction
  4. How to properly tackle zero-day threats
  5. Threat intelligence frameworks in 2022

And finally…

Don’t get caught cold by new vulnerabilities. Vulcan Cyber gives you full visibility and oversight of your threat environment and lets you prioritize, remediate and communicate your cyber risk across your entire organization. Get a demo today.
