CVE-2022-42475

Description from NVD

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Information Acquisition Date: 2023-03-15T15:02Z
CVSS 2.0: 0.0 None CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://fortiguard.com/psirt/FG-IR-22-398
     source: MISC
     tags: Exploit, Mitigation, Vendor Advisory

This vulnerability may involve a PoC.


Software Tag: BIND(1 tweets) VPN(13 tweets) iOS(1 tweets)



List of frequently cited URLs

URL | Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | 187
https://theh | 185
http://cyberiqs.com/latestnews | 66
https://cvetrends.com | 51
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-m... | 50
https://lists.astaro.com/ASGV9-IPS-rules.html#0 | 18
https://blog.scrt.ch/2023/03/14/producing-a-poc-for-cve-202... | 17
https://www.ipa.go.jp/security/ciadr/vul/alert20221213.html | 12
https://www.jpcert.or.jp/at/2022/at220032.html | 9
https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir... | 6
https://securityaffairs.com/140721/hacking/fortinet-ssl-vpn... | 6
https://github.com/scrt/cve-2022-42475 | 5
https://opsmtrs.com/2ZFbaTl | 5
https://wzt.ac.cn/2022/12/15/CVE-2022-42475 | 4
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/1... | 4
https://bit.ly/3iNrcEb | 3
https://twitter.com/jpcert/status/1602485153062088706 | 3
https://vi.strobes.co/cve/CVE-2022-42475 | 3
https://arcticwolf.com/resources/blog/cve-2022-42475 | 3
https://www.rapid7.com/blog/post/2022/12/12/cve-2022-42475-... | 3
https://www.tenable.com/blog/cve-2022-27518-unauthenticated... | 3
https://cert.ssi.gouv.fr/alerte/CERTFR-2022-ALE-012 | 3
https://tweetedtimes.com/BhaavukAroraa?s=tnp | 3
https://www.mandiant.com/resources/blog/chinese-actors-expl... | 3
https://thehackernews.com/2022/12/fortinet-warns-of-active-... | 3
https://www.fortiguard.com/psirt/FG-IR-22-398 | 3
https://www.shadowserver.org/what-we-do/network-reporting/v... | 3
https://www.helpnetsecurity.com/2022/12/13/cve-2022-42475 | 3
https://www.bleepingcomputer.com/news/security/fortinet-say... | 3

GitHub Search Results: Up to 10
Name | URL
scrt/cve-2022-42475 | https://github.com/scrt/cve-2022-42475
bryanster/ioc-cve-2022-42475 | https://github.com/bryanster/ioc-cve-2022-42475

2023/04/13 Score : 0
Added Har-sia Database : 2022/12/13
Last Modified : 2023/04/13
Highest Scored Date : 2022/12/13
Highest Score : 201