Fortinet has released a security update to address the critical vulnerability(CVE-2022-42475) affecting its FortiOS SSL-VPN.
Based on the official advisory, “Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise”
_____________________________
A. Nature of Vulnerability
CVE-2022-42475
- A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
_____________________________
B. Affected Version
FortiOS:
- 7.2.0 to 7.2.2
- 7.0.0 to 7.0.8
- 6.4.0 to 6.4.10
- 6.2.0 to 6.2.11
FortiOS-6K7K:
- 7.0.0 to 7.0.7
- 6.4.0 to 6.4.9
- 6.2.0 to 6.2.11
- 6.0.0 to 6.0.14
_____________________________
C. Indicators of Compromise
IP Address
| IP Address | Port |
| 188.34.130.40 | 444 |
| 103.131.189.143 | 30080,30081,30443, and 20443 |
| 192.36.119.61 | 8443, and 444 |
| 172.247.168.153 | 8033 |
File
| /data/lib/libips.bak |
| /data/lib/libgif.so |
| /data/lib/libiptcp.so |
| /data/lib/libipudp.so |
| /data/lib/libjepg.so |
| /var/.sslvpnconfigbk |
| /data/etc/wxd.conf |
| /flash |
_____________________________
D. Actions to be Taken
CERT-PH recommends the following actions be taken:
- CERT-PH encourages all Fortinet users to apply the necessary update to mitigate future threats.
- Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
- For additional information, kindly check the links below.
- https://www.fortiguard.com/psirt/FG-IR-22-398