A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-398 | Exploit Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Information
Published : 2023-01-02 01:15
Updated : 2023-01-09 09:30
NVD link : CVE-2022-42475
Mitre link : CVE-2022-42475
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
fortinet
- fortios
- fortiproxy
- fortigate-6500f-dc
- fortigate-7060e
- fim-7901e
- fortigate-6300f
- fim-7920e
- fpm-7630e
- fim-7910e
- fortigate-6500f
- fortigate-6501f
- fortigate-6501f-dc
- fortigate-6300f-dc
- fpm-7620e
- fortigate-7030e
- fim-7941f
- fortigate-6601f-dc
- fpm-7620f
- fortigate-7121f
- fortigate-7040e
- fim-7904e
- fim-7921f
- fortigate-6601f