In today’s SensCy Cyber Alert, your SensCy team recommends Fortinet customer patch their appliance to combat an actively exploited FortiOS SSL-VPN vulnerability. The vulnerability can be tracked as CVE-2022-42475 and is a heap=based buffer overflow bug in FortiOS SSL-VPN that could allow unauthenticated remote code execution.
What do we know about the vulnerability?
The vulnerability was first disclosed by a French cybersecurity firm as a zero-day vulnerability, warning users to monitor logs until a patch was available. The bug was fixed on November 28th in FortiOS 7.2.3 without releasing any information about it being exploited as a zero-day.
Today, Fortinet released a security advisory FG-IR-22-398, publicly explaining that the vulnerability has been exploited in attacks and that users should update to the following version to fix the bug:
- FortiOS version 7.2.3 or above
- FortiOS version 7.0.9 or above
- FortiOS version 6.4.11 or above
- FortiOS version 6.2.12 or above
- FortiOS-6K7K version 7.0.8 or above
- FortiOS-6K7K version 6.4.10 or above
- FortiOS-6K7K version 6.2.12 or above
- FortiOS-6K7K version 6.0.15 or above
If you are unable to apply the patches immediately, SensCy’s recommendations are to monitor logs, disable the VPN-SSL functionality, and create access rules to limit connections from specific IP addresses.
Why are zero-day vulnerabilities dangerous?
Two main reasons: Cybercriminals can freely exploit these vulnerabilities by malware infections, potentially resulting in data loss for the victims. The systems are vulnerable for as long as the user does not update or install the patch issued by the vendor.