The company did not provide any further context about the known exploitation of the vulnerability (CVE-2022-42475). The company has released updates for all of the affected versions and is encouraging all affected customers to upgrade as soon as possible. The flaw affects versions FortiOS 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, FortiOS-6K7K version 7.0.0 through 7.0.7, version 6.4.0 through 6.4.9, version 6.2.0 through 6.2.11, and 6.0.0 through 6.0.14. The FortiGate 60F series offers an excellent Security and SD-WAN solution in a compact fanless desktop form factor for enterprise branch offices and. “Fortinet is aware of an instance where this vulnerability was exploited in the wild.” “A heap-based buffer overflow vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests,” the Fortinet advisory says.
The company said on Monday that the vulnerability affects a number of versions of FortiOS, the operating system for its FortiGuard appliances, and is in the SSL VPN functionality of the appliances. Many versions of Fortinet’s popular Fortigate firewall have a heap buffer overflow vulnerability that attackers have already exploited in the wild.
0 kommentar(er)
