Our experts keep you up-to-date on critical cyber threats (CVEs)
Fortinet is aware of at least one case where this vulnerability has been successfully exploited, although other unknown cases may certainly exist.
Attackers exploit the vulnerability to deploy malicious files on the file system of affected devices.
Moreover, as seen in a recent campaign affecting Fortinet appliances (CVE-2022-40684), attackers can remotely execute code on Fortinet appliances to achieve any of the following objectives:
According to CISA's Known Exploited Vulnerabilities Catalog, threat actors have historically used similar Fortinet vulnerabilities to gain initial access and move laterally within an organisation's environment.
We therefore also assume that hackers will continue to actively exploit this vulnerability in the short term to gain access to sensitive information, such as the device configuration file.
This is due to the ease of exploitation, the potential for payload and execution, and the prevalence of affected Fortinet devices within enterprise environments.
This is a major vulnerability that should be addressed immediately.
Given the impact of the update process and the possible complexity of other measures, we are currently contacting customers to agree on who will perform the upgrade(s) and when.
Please note: if possible, perform the upgrades in a test environment first.
| Product | Impacted Versions | Fixed Versions |
| --- | --- | --- |
| FortiOS | v7.2.0 to v7.2.2; v7.0.0 to v7.0.8; v6.4.0 to v6.4.10; v6.2.0 to v6.2.11 | v7.2.3 or above; v7.0.9 or above; v6.4.11 or above; v6.2.12 or above |
| FortiOS-6K7K | v7.0.0 to v7.0.7; v6.4.0 to v6.4.9; v6.2.0 to v6.2.11; v6.0.0 to v6.0.14 | v7.0.8 or above; v6.4.10 or above; v6.2.12 or above; v6.0.15 or above |
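One way to triage a device inventory against the table above, as an added example that is not part of the original advisory; the hostnames and inventory entries are constructed and the function names are hypothetical. Versions are compared numerically, because a plain string comparison would rank v6.4.10 below v6.4.9, and branches missing from the table are reported separately rather than assumed safe.

```python
import re

# Ranges copied from the table above: (first affected, last affected, first fixed).
AFFECTED = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 2), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 8), (7, 0, 9)),
        ((6, 4, 0), (6, 4, 10), (6, 4, 11)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
    ],
    "FortiOS-6K7K": [
        ((7, 0, 0), (7, 0, 7), (7, 0, 8)),
        ((6, 4, 0), (6, 4, 9), (6, 4, 10)),
        ((6, 2, 0), (6, 2, 11), (6, 2, 12)),
        ((6, 0, 0), (6, 0, 14), (6, 0, 15)),
    ],
}

def parse_version(text):
    """Turn 'v6.4.10' or '6.4.10' into the tuple (6, 4, 10)."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(product, version):
    """Return (status, first_fixed_version_or_None) for one device."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED.get(product, []):
        if v[:2] == low[:2]:  # same major.minor branch as a table row
            if v <= high:
                return "affected", "v" + ".".join(map(str, fixed))
            return "fixed", None
    # Branch or product is not in the table: check it by hand.
    return "not-listed", None

def report(inventory):
    """Triage every (hostname, product, version) entry."""
    return [(host, *triage(product, version)) for host, product, version in inventory]

# Constructed sample inventory (hypothetical hostnames).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v6.4.10"),
    ("fw-core-01", "FortiOS-6K7K", "v6.4.10"),
    ("fw-lab-01", "FortiOS", "v5.6.3"),
]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row)
```

Note that v6.4.10 is an impacted version on FortiOS but a fixed version on FortiOS-6K7K, so the product line has to be part of the check.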
Disable the SSL-VPN
Contact us as soon as possible so we can fix this vulnerability for you. You can do this by mail at support@vanroey.be or call: 014 470 600. You can also create a ticket.
Can't create tickets? Ask here to get an account. If our engineer needs to remotely control your PC, he or she will ask you to run this software.