February 8, 2023

Fortinet is urging customers to patch a heap buffer overflow vulnerability in FortiGate firewalls that attackers have already exploited in the wild.

The vulnerability affects a number of versions of FortiOS, the operating system for its FortiGuard appliances, and is in the SSL VPN functionality of the appliances.

A heap-based buffer overflow vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Fortinet advisory
Fortinet is aware of an instance where this vulnerability was exploited in the wild.

The flaw affects FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, and 6.2.0 through 6.2.11, as well as FortiOS-6K7K versions 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2.0 through 6.2.11, and 6.0.0 through 6.0.14.

The company has released updates for all of the affected versions and is encouraging all affected customers to upgrade as soon as possible. The company did not provide any further context about the known exploitation of the vulnerability (CVE-2022-42475).

There are some known indicators of compromise, including the presence of any of these in the appliance’s file system:

  • /data/lib/libips.bak
  • /data/lib/libgif.so
  • /data/lib/libiptcp.so
  • /data/lib/libipudp.so
  • /data/lib/libjepg.so
  • /var/.sslvpnconfigbk
  • /data/etc/wxd.conf
  • /flash

Suspicious IP Addresses

  • 188.34.130.40:444
  • 103.131.189.143:30080,30081,30443,20443
  • 192.36.119.61:8443,444
  • 172.247.168.153:8033
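
One way to sweep for the indicators listed above, as an added example that is not from Fortinet or the original post: it checks a file listing and key=value session log lines against the paths and IP:port pairs. The log field names (srcip, srcport, dstip, dstport), the function names and the sample data are assumptions constructed for illustration.

```python
import posixpath
import re

# Indicators copied from the lists above; "/data/etc/wxd.conf" and "/flash"
# are treated as two separate paths.
IOC_PATHS = {
    "/data/lib/libips.bak", "/data/lib/libgif.so", "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so", "/data/lib/libjepg.so", "/var/.sslvpnconfigbk",
    "/data/etc/wxd.conf", "/flash",
}
IOC_ENDPOINTS = """188.34.130.40:444
103.131.189.143:30080,30081,30443,20443
192.36.119.61:8443,444
172.247.168.153:8033"""

def parse_endpoints(text):
    """Turn 'ip:port,port' lines into {ip: {port, ...}}."""
    table = {}
    for line in text.split():
        ip, _, ports = line.partition(":")
        table.setdefault(ip, set()).update(int(p) for p in ports.split(","))
    return table

def match_paths(listing):
    """Return listed paths that equal an indicator once slashes are normalised."""
    cleaned = (posixpath.normpath(re.sub(r"/+", "/", p.strip())) for p in listing)
    return [p for p in cleaned if p in IOC_PATHS]

def match_sessions(log_lines, table):
    """Grade sessions: 'ip+port' matches a listed endpoint, 'ip-only' just the host."""
    hits = []
    for line in log_lines:
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        for side in ("src", "dst"):
            ip, port = fields.get(side + "ip"), fields.get(side + "port", "")
            if ip in table:
                exact = port.isdigit() and int(port) in table[ip]
                hits.append((ip, port, "ip+port" if exact else "ip-only"))
    return hits

# Constructed sample input (not taken from a real appliance).
SAMPLE_LISTING = ["/data/lib/libips.so", "/data//lib/libjepg.so",
                  "/var/.sslvpnconfigbk", "/data/lib/libgif.so.1"]
SAMPLE_LOG = [
    "srcip=10.0.0.5 srcport=51544 dstip=188.34.130.40 dstport=444 action=accept",
    "srcip=10.0.0.7 srcport=40022 dstip=192.36.119.61 dstport=443 action=accept",
    "srcip=10.0.0.9 srcport=40100 dstip=198.51.100.20 dstport=444 action=accept",
]

if __name__ == "__main__":
    print(match_paths(SAMPLE_LISTING))
    print(match_sessions(SAMPLE_LOG, parse_endpoints(IOC_ENDPOINTS)))
```

An "ip-only" hit means the host is on the list but the port is not, so it is worth reviewing rather than treating as a confirmed match.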