Remote Code Execution vulnerability in Fortinet SSL VPN service
Our support will regularly inform you of important events here.
CVE-2022-42475: Fortinet published an advisory on an actively exploited remote code execution vulnerability affecting FortiOS via the SSL VPN service.
Remote Code Execution vulnerability in Fortinet SSL VPN service
Fortinet is aware of at least one case where this vulnerability has been successfully exploited, although other unknown cases may certainly exist.
One exploits a vulnerability to deploy malicious files on the file system of affected devices.
Moreover, as seen in a recent campaign affecting Fortinet appliances (CVE-2022-40684), attackers can execute remote code in Fortinet appliances to achieve any of the following objectives:
- Opening and downloading the device configuration file
- This includes and is not exclusive to cleartext rules, policies, filtering, usernames, routing configurations and encrypted passwords (encrypted via the private encryption key).
- Creating privileged administrator accounts
- Uploading and running scripts
Potential for widespread exploitation
According to CISA's Known Exploited Vulnerabilities Catalog, threat actors have historically used similar Fortinet vulnerabilities to gain initial access and move laterally within an organisation's environment.
We therefore also assume that hackers will continue to actively exploit this vulnerability in the short term to gain access to sensitive information, such as the device configuration file.
This is thanks to the ease of exploitation, the potential for payload and execution and the prevalence of affected Fortinet devices within enterprise environments.
Take action
This is a major vulnerability that should be addressed immediately.
Given the impact of the update process or possible complexity of other measures, we are currently in the process of contacting customers to agree or who/when to perform the upgrade(s).
Please note, if possible, perform the upgrades in a test environment first
Update FortiOS
| Product | Impacted Versions | Fixed Versions |
| FortiOS | v7.2.0 to v7.2.2 v7.0.0 to v7.0.8 v6.4.0 to v6.4.10 v6.2.0 to v6.2.11 |
v7.2.3 or above v7.0.9 or above v6.4.11 or above v6.2.12 or above |
| FortiOS-6K7K | v7.0.0 to v7.0.7 v6.4.0 to v6.4.9 v6.2.0 to v6.2.11 v6.0.0 to v6.0.14 |
v7.0.8 or above v6.4.10 or above v6.2.12 or above v6.0.15 or above |
Workaround
Disable the SSL-VPN
Need help?
Contact us as soon as possible to fix this leak for you. You can do this by mail at support@vanroey.be or count: 014 470 600. You can also have a create a ticket.
Can't create tickets? Ask here to get an account. If our Engineer needs to remotely control your PC, he or she will ask you to run this software .
