CVE-2022-42475

Description from NVD

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Information Acquisition Date: 2023-01-30T18:12Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL
CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

https://fortiguard.com/psirt/FG-IR-22-398
     source: MISC
     tags: Exploit, Mitigation, Vendor Advisory

This vulnerability may involve a PoC.

Software Tag: Apple(1 tweets) Linux(4 tweets) VPN(128 tweets) Windows(3 tweets) iOS(146 tweets)



List of frequently cited URLs

| URL | Number of Times Referred To |
| --- | --- |
| https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | 264 |
| https://theh | 190 |
| https://cvetrends.com | 52 |
| https://www.mandiant.com/resources/blog/chinese-actors-expl... | 22 |
| https://securityaffairs.com/140721/hacking/fortinet-ssl-vpn... | 21 |
| https://thehackernews.com/2022/12/fortinet-warns-of-active-... | 11 |
| https://wzt.ac.cn/2022/12/15/CVE-2022-42475 | 9 |
| https://www.jpcert.or.jp/at/2022/at220032.html | 9 |
| https://www.helpnetsecurity.com/2022/12/13/cve-2022-42475 | 8 |
| https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir... | 6 |
| https://opsmtrs.com/2ZFbaTl | 5 |
| https://www.cisa.gov/uscert/ncas/current-activity/2022/12/1... | 4 |
| https://bit.ly/3iNrcEb | 3 |
| https://twitter.com/jpcert/status/1602485153062088706 | 3 |
| https://vi.strobes.co/cve/CVE-2022-42475 | 3 |
| https://www.ipa.go.jp/security/ciadr/vul/alert20221213.html | 3 |
| https://arcticwolf.com/resources/blog/cve-2022-42475 | 3 |
| https://www.rapid7.com/blog/post/2022/12/12/cve-2022-42475-... | 3 |
| https://www.tenable.com/blog/cve-2022-27518-unauthenticated... | 3 |
| https://cert.ssi.gouv.fr/alerte/CERTFR-2022-ALE-012 | 3 |
| https://tweetedtimes.com/BhaavukAroraa?s=tnp | 3 |
| https://www.fortiguard.com/psirt/FG-IR-22-398 | 3 |
| https://www.shadowserver.org/what-we-do/network-reporting/v... | 3 |
| https://www.bleepingcomputer.com/news/security/fortinet-say... | 3 |

GitHub Search Results: Up to 10
| Name | URL |
| --- | --- |
| bryanster/ioc-cve-2022-42475 | https://github.com/bryanster/ioc-cve-2022-42475 |
| Live-Hack-CVE/CVE-2022-42475 | https://github.com/Live-Hack-CVE/CVE-2022-42475 |

2023/02/07 Score : 2
Added Har-sia Database : 2022/12/13
Last Modified : 2023/02/07
Highest Scored Date : 2022/12/13
Highest Score : 201