Home / Vulnerabilities / CVE-2022-42475
CRITICAL SEVERITY Ransomware Linked
CVE-2022-42475 Fortinet · FortiOS

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Critical Threat Advisory: This vulnerability is documented in active Ransomware campaigns. Immediate remediation required.

Technical Severity

CVSS v3.1 Metrics

CRITICAL
9.3 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
Exploitation Likelihood

EPSS Prediction

94.06 %
Predictive Probability
Percentile Rank
99.9 th

Documented as more likely to be exploited than 99.9% of known CVEs.

Detection Date

Dec 13, 2022

Remediation Due

Jan 03, 2023

CISA Catalog Active

Threat Analysis

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Remediation Directive

Apply updates per vendor instructions.

External Intelligence

https://www.fortiguard.com/psirt/FG-IR-22-398

https://www.fortiguard.com/psirt/FG-IR-22-398
NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2022-42475