csaf_certbund - wid-sec-w-2022-2293

WID-SEC-W-2022-2293

Vulnerability from csaf_certbund - Published: 2022-12-12 23:00 - Updated: 2022-12-22 23:00

Summary

Fortinet FortiOS und FortiProxy: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FortiOS ist ein gehärtetes Betriebssystem für FortiGate Plattformen.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiOS und FortiProxy ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- BIOS/Firmware - Hardware Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FortiOS ist ein geh\u00e4rtetes Betriebssystem f\u00fcr FortiGate Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiOS und FortiProxy ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware\n- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2293 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2293.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2293 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2293"
      },
      {
        "category": "external",
        "summary": "PSIRT Advisories - FG-IR-22-398 abgerufen am 2022-12-23",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-398"
      },
      {
        "category": "external",
        "summary": "PSIRT Advisories - FG-IR-22-398 vom 2022-12-12",
        "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-398"
      }
    ],
    "source_lang": "en-US",
    "title": "Fortinet FortiOS und FortiProxy: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2022-12-22T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:39:42.904+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-2293",
      "initial_release_date": "2022-12-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-12-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-12-22T23:00:00.000+00:00",
          "number": "2",
          "summary": "Weitere betroffene Produkte aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 7.2.3",
                "product": {
                  "name": "Fortinet FortiOS \u003c 7.2.3",
                  "product_id": "T025543",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.2.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 7.0.9",
                "product": {
                  "name": "Fortinet FortiOS \u003c 7.0.9",
                  "product_id": "T025544",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.0.9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 6.4.11",
                "product": {
                  "name": "Fortinet FortiOS \u003c 6.4.11",
                  "product_id": "T025545",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:6.4.11"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 6.2.12",
                "product": {
                  "name": "Fortinet FortiOS \u003c 6.2.12",
                  "product_id": "T025546",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:6.2.12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS 6K7K \u003c 7.0.8",
                "product": {
                  "name": "Fortinet FortiOS 6K7K \u003c 7.0.8",
                  "product_id": "T025547",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:6k7k__7.0.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS 6K7K \u003c 6.4.10",
                "product": {
                  "name": "Fortinet FortiOS 6K7K \u003c 6.4.10",
                  "product_id": "T025548",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:6k7k__6.4.10"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS 6K7K \u003c 6.2.12",
                "product": {
                  "name": "Fortinet FortiOS 6K7K \u003c 6.2.12",
                  "product_id": "T025549",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:6k7k__6.2.12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS 6K7K \u003c 6.0.15",
                "product": {
                  "name": "Fortinet FortiOS 6K7K \u003c 6.0.15",
                  "product_id": "T025550",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:6k7k__6.0.15"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiOS \u003c 6.0.16",
                "product": {
                  "name": "Fortinet FortiOS \u003c 6.0.16",
                  "product_id": "T025712",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:6.0.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiOS"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Fortinet FortiProxy \u003c 7.2.2",
                "product": {
                  "name": "Fortinet FortiProxy \u003c 7.2.2",
                  "product_id": "T025713",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortiproxy:7.2.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiProxy \u003c 7.0.8",
                "product": {
                  "name": "Fortinet FortiProxy \u003c 7.0.8",
                  "product_id": "T025714",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortiproxy:7.0.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Fortinet FortiProxy \u003c 2.0.12",
                "product": {
                  "name": "Fortinet FortiProxy \u003c 2.0.12",
                  "product_id": "T025715",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:fortinet:fortiproxy:2.0.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiProxy"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42475",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Fortinet FortiOS und FortiProxy. Der Fehler besteht aufgrund eines Heap-basierten Puffer\u00fcberlaufs in der Komponente SSL-VPN. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen, indem er spezielle Anfragen erstellt."
        }
      ],
      "release_date": "2022-12-12T23:00:00.000+00:00",
      "title": "CVE-2022-42475"
    }
  ]
}

CVE-2022-42475 (GCVE-0-2022-42475)

Vulnerability from cvelistv5 – Published: 2023-01-02 08:18 – Updated: 2025-10-21 23:15

Summary

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Severity ?

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

CWE

CWE-197 - Execute unauthorized code or commands

Assigner

fortinet

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-22-398

Impacted products

Vendor

Product

Version

Fortinet

FortiProxy

Affected: 7.2.0 , ≤ 7.2.1 (semver)
Affected: 7.0.0 , ≤ 7.0.7 (semver)
Affected: 2.0.0 , ≤ 2.0.11 (semver)
Affected: 1.2.0 , ≤ 1.2.13 (semver)
Affected: 1.1.0 , ≤ 1.1.6 (semver)
Affected: 1.0.0 , ≤ 1.0.7 (semver)

Fortinet

FortiOS

Affected: 7.2.0 , ≤ 7.2.2 (semver)
Affected: 7.0.0 , ≤ 7.0.8 (semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver)
Affected: 6.2.0 , ≤ 6.2.11 (semver)
Affected: 6.0.0 , ≤ 6.0.15 (semver)
Affected: 5.6.0 , ≤ 5.6.14 (semver)
Affected: 5.4.0 , ≤ 5.4.13 (semver)
Affected: 5.2.0 , ≤ 5.2.15 (semver)
Affected: 5.0.0 , ≤ 5.0.14 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:10:40.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-398",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-398"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-42475",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:26:56.926267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-12-13",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42475"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:29.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-42475"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-12-13T00:00:00+00:00",
            "value": "CVE-2022-42475 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.11",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.15",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.14",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.13",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.15",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.14",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow vulnerability [CWE-122]\u00a0in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier  and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-197",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-02T08:18:49.444Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-398",
          "url": "https://fortiguard.com/psirt/FG-IR-22-398"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.2.3 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiOS version 6.4.11 or above\r\nPlease upgrade to FortiOS version 6.2.12 or above\r\nPlease upgrade to FortiOS version 6.0.16 or above\r\nPlease upgrade to upcoming FortiOS-6K7K version 7.0.8 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.10 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.0.15 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to upcoming FortiProxy version 2.0.12 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-42475",
    "datePublished": "2023-01-02T08:18:49.444Z",
    "dateReserved": "2022-10-07T14:05:36.301Z",
    "dateUpdated": "2025-10-21T23:15:29.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2022-2293

CVE-2022-42475 (GCVE-0-2022-42475)

Tags

Sightings

Nomenclature