
Fortinet Warns of New Pre-auth RCE Vulnerability Exploited in the Wild

FortiOS Pre-auth RCE Vulnerability
On Monday, Fortinet issued an emergency patch for critical security vulnerabilities in its FortiOS SSL-VPN product. 

The vulnerability is now tracked as CVE-2022-42475 and has a CVSS score of 9.3 out of 10. It is a heap-based buffer overflow in sslvpnd, categorized as critical because it is a pre-auth remote code execution bug.

Successful exploitation of the bug allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Active Exploitation of New SSL-VPN

Fortinet mentioned in its advisory that the company is "aware of an instance where this vulnerability was exploited in the wild". It urges customers to apply the updates and recommends immediately validating their systems against the following indicators of compromise:

Multiple log entries with:

Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]"

and the presence of the following artifacts in the filesystem:

/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash
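
The two checks above as an added Python example (not code from Fortinet or from the original article): it scans exported key=value log lines for the sslvpnd Signal 11 crash entry and compares a file listing against the artifact paths. The log lines, the listing and the function names are constructed for illustration, and the optional space after `application:` is an assumption about the log layout.

```python
import re

# Filesystem artifacts exactly as listed in the article.
ARTIFACT_PATHS = {
    "/data/lib/libips.bak", "/data/lib/libgif.so", "/data/lib/libiptcp.so",
    "/data/lib/libipudp.so", "/data/lib/libjepg.so", "/var/.sslvpnconfigbk",
    "/data/etc/wxd.conf", "/flash",
}

# key="quoted value" or key=bare_value pairs
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one key=value log line into a dict; keys are lower-cased."""
    return {k.lower(): (q if q else u) for k, q, u in KV.findall(line)}

def sslvpnd_crashes(lines):
    """Return parsed entries that match the crash indicator from the advisory."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        msg = rec.get("msg", "")
        if (rec.get("logdesc") == "Application crashed"
                and re.search(r"application:\s*sslvpnd\b", msg)
                and "Signal 11 received" in msg):
            hits.append(rec)
    return hits

def artifact_hits(listing):
    """Return the listed paths that exactly match a known artifact path."""
    return sorted(ARTIFACT_PATHS & {p.strip() for p in listing})

# Constructed sample data, not taken from a real device.
SAMPLE_LOG = [
    'date=2022-12-10 time=03:11:07 logdesc="Application crashed" msg="Pid: 211, application: sslvpnd, Signal 11 received, Backtrace: [...]"',
    'date=2022-12-10 time=03:11:09 logdesc="Application crashed" msg="Pid: 305, application: sslvpnd, Signal 11 received, Backtrace: [...]"',
    'date=2022-12-10 time=04:00:00 logdesc="Application crashed" msg="Pid: 77, application: httpsd, Signal 11 received, Backtrace: [...]"',
    'date=2022-12-10 time=04:05:00 logdesc="Admin login successful" msg="Administrator admin logged in"',
]
SAMPLE_LISTING = ["/data/lib/example.so", "/data/lib/libgif.so", "/data/etc/wxd.conf"]

if __name__ == "__main__":
    crashes = sslvpnd_crashes(SAMPLE_LOG)
    print(f"{len(crashes)} sslvpnd Signal 11 crash entries")
    for rec in crashes:
        print("  ", rec.get("date"), rec.get("time"))
    for path in artifact_hits(SAMPLE_LISTING):
        print("artifact present:", path)
```
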

The following products are impacted by the issue:

| Affected Products | Solutions |
|---|---|
| FortiOS version 7.2.0 through 7.2.2 | Please upgrade to FortiOS version 7.2.3 or above |
| FortiOS version 7.0.0 through 7.0.8 | Please upgrade to FortiOS version 7.0.9 or above |
| FortiOS version 6.4.0 through 6.4.10 | Please upgrade to FortiOS version 6.4.11 or above |
| FortiOS version 6.2.0 through 6.2.11 | Please upgrade to FortiOS version 6.2.12 or above |
| FortiOS-6K7K version 7.0.0 through 7.0.7 | Please upgrade to FortiOS-6K7K version 7.0.8 or above |
| FortiOS-6K7K version 6.4.0 through 6.4.9 | Please upgrade to FortiOS-6K7K version 6.4.10 or above |
| FortiOS-6K7K version 6.2.0 through 6.2.11 | Please upgrade to FortiOS-6K7K version 6.2.12 or above |
| FortiOS-6K7K version 6.0.0 through 6.0.14 | Please upgrade to FortiOS-6K7K version 6.0.15 or above |

Earlier, Fortinet also warned of active exploitation of a different critical authentication bypass flaw (CVE-2022-40684) in FortiOS, FortiProxy, and FortiSwitchManager, which has a CVSS score of 9.6.

Security researcher Will Dormann points out in a tweet that the description of CVE-2022-42475 is still marked as "reserved", even after the fix has been pushed by the vendor. 
