CVE-2022-42475: Heap-based buffer overflow in sslvpnd

Published Dec 12, 2022
·
Updated

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Other sources

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.## Exploitation status:Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise:Multiple log entries with:Logdesc=Application crashed and msg=[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]Presence of the following artifacts in the filesystem:/data/lib/libips.bak/data/lib/libgif.so/data/lib/libiptcp.so/data/lib/libipudp.so/data/lib/libjepg.so/var/.sslvpnconfigbk/data/etc/wxd.conf/flashConnections to suspicious IP addresses from the FortiGate:188.34.130.40:444103.131.189.143:30080,30081,30443,20443193.36.119.61:8443,444172.247.168.153:8033139.180.184.19766.42.91.32158.247.221.101107.148.27.117139.180.128.142155.138.224.122185.174.136.20 For more information on how to check for the presence of the indicators of compromise above, please visit this Knowledge Base entry, and contact customer support for assistance. ## Workaround:Disable SSL-VPN.## Changelog:2022-12-12: Added FOS6k/k 2022-12-22: Added FortiProxy2022-12-27: Corrected typo in IOCs: 192.36.119.61 => 193.36.119.61

FortiGuard

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

CISA

Affected Software

73 affected components
Fortinet FortiOS
Fortinet FortiOS>=5.0.0<=5.0.14
Fortinet FortiOS>=5.2.0<=5.2.15
Fortinet FortiOS>=5.4.0<=5.4.13
Fortinet FortiOS>=5.6.0<=5.6.14
Fortinet FortiOS>=6.0.0<=6.0.15
Fortinet FortiOS>=6.2.0<=6.2.11
Fortinet FortiOS>=6.4.0<=6.4.10
Fortinet FortiOS>=7.0.0<=7.0.8
Fortinet FortiOS>=7.2.0<=7.2.2
Fortinet FortiProxy>=1.0.0<=1.0.7
Fortinet FortiProxy>=1.1.0<=1.1.6
Fortinet FortiProxy>=1.2.0<=1.2.13
Fortinet FortiProxy>=2.0.0<=2.0.11
Fortinet FortiProxy>=7.0.0<=7.0.7
Fortinet FortiProxy=7.2.0
Fortinet FortiOS>=6.0.0<=6.0.14
Fortinet FortiOS>=6.4.0<=6.4.9
Fortinet FortiOS>=7.0.0<=7.0.7
Fortinet Fim-7901e
Fortinet Fim-7904e
Fortinet Fim-7910e
Fortinet Fim-7920e
Fortinet Fim-7921f
Fortinet Fim-7941f
Fortinet Fortigate-6300f
Fortinet Fortigate-6300f-dc
Fortinet Fortigate-6500f
Fortinet Fortigate-6500f-dc
Fortinet Fortigate-6501f
Fortinet Fortigate-6501f-dc
Fortinet Fortigate-6601f
Fortinet Fortigate-6601f-dc
Fortinet Fortigate-7030e
Fortinet Fortigate-7040e
Fortinet Fortigate-7060e
Fortinet Fortigate-7121f
Fortinet Fpm-7620e
Fortinet Fpm-7620f
Fortinet Fpm-7630e
Fortinet FortiOS>=6.0.0<6.0.16
Fortinet FortiOS>=6.2.0<6.2.12
Fortinet FortiOS>=6.4.0<6.4.11
Fortinet FortiOS>=7.0.0<7.0.9
Fortinet FortiOS>=7.2.0<7.2.3
Fortinet FortiProxy>=2.0.0<2.0.12
Fortinet FortiProxy>=7.0.0<7.0.8
Fortinet FortiProxy>=7.2.0<7.2.2
All of the following
Any of the following
Fortinet FortiOS>=6.0.0<6.0.15
Fortinet FortiOS>=6.2.0<6.2.12
Fortinet FortiOS>=6.4.0<6.4.10
Fortinet FortiOS>=7.0.0<7.0.8
Any of the following
Fortinet Fim-7901e
Fortinet Fim-7904e
Fortinet Fim-7910e
Fortinet Fim-7920e
Fortinet Fim-7921f
Fortinet Fim-7941f
Fortinet Fortigate-6300f
Fortinet Fortigate-6300f-dc
Fortinet Fortigate-6500f
Fortinet Fortigate-6500f-dc
Fortinet Fortigate-6501f
Fortinet Fortigate-6501f-dc
Fortinet Fortigate-6601f
Fortinet Fortigate-6601f-dc
Fortinet Fortigate-7030e
Fortinet Fortigate-7040e
Fortinet Fortigate-7060e
Fortinet Fortigate-7121f
Fortinet Fpm-7620e
Fortinet Fpm-7620f
Fortinet Fpm-7630e

Remediation

Information

Please upgrade to FortiOS version 7.2.3 or above Please upgrade to FortiOS version 7.0.9 or above Please upgrade to FortiOS version 6.4.11 or above Please upgrade to FortiOS version 6.2.12 or above Please upgrade to FortiOS version 6.0.16 or above Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above Please upgrade to FortiOS-6K7K version 6.4.10 or above Please upgrade to FortiOS-6K7K version 6.2.12 or above Please upgrade to FortiOS-6K7K version 6.0.15 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to upcoming FortiProxy version 2.0.12 or above

Event History

Dec 12, 2022
Advisory Published
via FortiGuard·12:00 AM
Data Sourced
via FortiGuard·12:00 AM
DescriptionSeverityWeaknessAffected Software
Dec 13, 2022
CVE Published
via CISA·12:00 AM
Known Exploited
via CISA·12:00 AM
Known Ransomware
via CISA·12:00 AM
Jan 2, 2023
CVE Published
via MITRE·08:18 AM
Data Sourced
via MITRE·08:18 AM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·09:15 AM
DescriptionSeverityWeaknessAffected Software
Feb 6, 2024
News Published
via The Register·05:15 PM
News Published
via The Register·05:19 PM
News Published
via BleepingComputer·06:49 PM
News Published
via BleepingComputer·06:49 PM
Feb 9, 2024
News Published
via BleepingComputer·09:02 PM
Mar 13, 2024
News Published
via BleepingComputer·06:48 PM
May 28, 2024
News Published
via BleepingComputer·04:16 PM
Jun 11, 2024
News Published
via BleepingComputer·04:22 PM
Jun 12, 2024
News Published
via The Register·02:00 PM
Sep 10, 2024
News Published
via BleepingComputer·10:35 AM
Oct 9, 2024
News Published
via BleepingComputer·10:07 PM
Oct 23, 2024
News Published
via BleepingComputer·03:05 PM
Dec 31, 2024
News Published
via The Register·12:15 PM
Apr 11, 2025
News Published
via BleepingComputer·04:08 PM
Jun 6, 2025
News Published
via BleepingComputer·01:53 PM
Nov 18, 2025
News Published
via BleepingComputer·07:01 PM
Dec 9, 2025
News Published
via BleepingComputer·06:36 PM
Dec 19, 2025
News Published
via BleepingComputer·03:00 PM
Jan 2, 2026
News Published
via BleepingComputer·04:01 PM
Jan 16, 2026
News Published
via BleepingComputer·10:29 AM

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2022-42475?

CVE-2022-42475 is a vulnerability in Fortinet FortiOS SSL-VPN that allows an attacker to execute arbitrary code or commands remotely.

2

How can an attacker exploit CVE-2022-42475?

An attacker can exploit CVE-2022-42475 by sending specifically crafted requests to the Fortinet FortiOS SSL-VPN.

3

What is the severity of CVE-2022-42475?

CVE-2022-42475 has a severity rating of high.

4

How can I fix CVE-2022-42475?

To fix CVE-2022-42475, update Fortinet FortiOS SSL-VPN to the latest version provided by Fortinet.

5

Are there any references for CVE-2022-42475?

Yes, you can find more information about CVE-2022-42475 at the Fortinet PSIRT Advisory FG-IR-22-398.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203