CVE-2022-42475

CVSS V2: None, CVSS V3: None
Description
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Overview
  • CVE ID: CVE-2022-42475
  • Assigner: psirt@fortinet.com
  • Vulnerability Status: Analyzed
  • Published Version: 2023-01-02T09:15:09
  • Last Modified Date: 2023-01-09T17:30:58
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | | | | |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 5.0.0 | 5.0.14 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 5.2.0 | 5.2.15 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 5.4.0 | 5.4.13 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 5.6.0 | 5.6.14 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 6.0.0 | 6.0.15 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 6.2.0 | 6.2.11 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 6.4.0 | 6.4.10 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 7.0.0 | 7.0.8 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 7.2.0 | 7.2.2 |
| AND | | | | |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1 | OR | 1.0.0 | 1.0.7 |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1 | OR | 1.1.0 | 1.1.6 |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1 | OR | 1.2.0 | 1.2.13 |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1 | OR | 2.0.0 | 2.0.11 |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1 | OR | 7.0.0 | 7.0.7 |
| cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:* | 1 | OR | | |
| AND | | | | |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 6.0.0 | 6.0.14 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 6.2.0 | 6.2.11 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 6.4.0 | 6.4.9 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 1 | OR | 7.0.0 | 7.0.7 |
| cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:* | 0 | OR | | |
| cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:* | 0 | OR | | |
References
| Reference URL | Reference Tags |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-398 | |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-01-02 10:14:28 | | | | Added to TrackCVE |
| 2023-01-02 17:14:57 | | 2023-01-02T16:16:53 | CVE Modified Date | updated |
| 2023-01-02 17:14:57 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2023-01-06 13:17:45 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2023-01-09 18:24:16 | | 2023-01-09T17:30:58 | CVE Modified Date | updated |
| 2023-01-09 18:24:16 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2023-01-09 18:24:16 | | | Weakness Enumeration | new |
| 2023-01-09 18:24:20 | | | CPE Information | updated |