Vulnerabilites related to fortinet - fortigate-7040e
Vulnerability from fkie_nvd
Published
2023-01-02 09:15
Modified
2025-02-24 15:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | https://fortiguard.com/psirt/FG-IR-22-398 | Exploit, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-22-398 | Exploit, Mitigation, Vendor Advisory |
Impacted products
{ cisaActionDue: "2023-01-03", cisaExploitAdd: "2022-12-13", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "5BB7E21E-A68B-44FC-8F0E-EF5926186F26", versionEndIncluding: "5.0.14", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "3F93F9C8-6064-4CED-88DF-3580C517AB51", versionEndIncluding: "5.2.15", versionStartIncluding: "5.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "0507F264-9E8D-4F9D-AB18-0C6CA5BD69F0", versionEndIncluding: "5.4.13", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "AC0AFBC1-5C11-412E-9979-AF89DD26EFCD", versionEndIncluding: "5.6.14", versionStartIncluding: "5.6.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "795298D3-0C06-471C-87E2-2D04AC190EAD", versionEndExcluding: "6.0.16", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "F6785608-14A0-4825-BEC0-899E55A9FDF1", versionEndExcluding: "6.2.12", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "55E67EF5-6AF0-410A-BDE7-CF745ED97328", versionEndExcluding: "6.4.11", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "C424900B-9A5E-440C-996B-2CF426F2CAA3", versionEndExcluding: "7.0.9", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "00E89C95-E9FB-473A-BEB0-FA8E7225AC55", versionEndExcluding: "7.2.3", versionStartIncluding: "7.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "22936F53-4480-4011-9211-174D1C507E87", versionEndIncluding: "1.0.7", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "E6BBF05F-4967-4A2E-A8F8-C2086097148B", versionEndIncluding: "1.1.6", versionStartIncluding: "1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "33B84D9A-55E3-4146-A55A-ACB507E61B05", versionEndIncluding: "1.2.13", versionStartIncluding: "1.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "954674E3-7E54-4D94-80DE-CB73AE0452EA", versionEndExcluding: "2.0.12", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "81E60913-FBE9-467B-AB4B-CA85E97527BA", versionEndExcluding: "7.0.8", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "F5B24750-4A57-4F80-AAE8-8AC316B376C2", versionEndExcluding: "7.2.2", versionStartIncluding: "7.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "77974073-D92D-4EB8-854F-A6DCCD13C868", versionEndExcluding: "6.0.15", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "F6785608-14A0-4825-BEC0-899E55A9FDF1", versionEndExcluding: "6.2.12", versionStartIncluding: "6.2.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "6A7730E2-63AD-48F2-AE0A-6C8C9369A734", versionEndExcluding: "6.4.10", versionStartIncluding: "6.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", matchCriteriaId: "EE6D1D19-1227-42BE-87A7-E798D60059A5", versionEndExcluding: "7.0.8", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fortinet:fim-7901e:-:*:*:*:*:*:*:*", matchCriteriaId: "689B8A1F-112D-42CE-A29B-692EF00150AD", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fim-7904e:-:*:*:*:*:*:*:*", matchCriteriaId: "33603726-AB6B-4773-904E-DE103CDCEA70", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fim-7910e:-:*:*:*:*:*:*:*", matchCriteriaId: "DB6056EE-E76C-4064-B252-E0D65A1CBFBB", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fim-7920e:-:*:*:*:*:*:*:*", matchCriteriaId: "43DF83AC-1B86-4C45-B5A3-EF56B65C9BF7", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fim-7921f:-:*:*:*:*:*:*:*", matchCriteriaId: "F7BAD653-D841-4744-AE85-C24FC1F3F6DF", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fim-7941f:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADCB4F1-E237-4525-95C4-2C8EFDD7A109", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6300f:-:*:*:*:*:*:*:*", matchCriteriaId: "BB61396B-D9EF-44DE-B211-E92EF5A52888", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6300f-dc:-:*:*:*:*:*:*:*", matchCriteriaId: "1AD28C00-00CC-433F-BD7B-AC58254E4785", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6500f:-:*:*:*:*:*:*:*", matchCriteriaId: "1A72901A-EA5B-48B0-9D0B-A8CD8903413C", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6500f-dc:-:*:*:*:*:*:*:*", matchCriteriaId: "D56B4C97-9BC9-4FB9-9623-F2897050FE8B", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6501f:-:*:*:*:*:*:*:*", matchCriteriaId: "50EFCC23-1135-4BC9-B180-E9045030C844", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6501f-dc:-:*:*:*:*:*:*:*", matchCriteriaId: "1E355C55-4CAA-4875-95F6-FCF3D360039F", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6601f:-:*:*:*:*:*:*:*", matchCriteriaId: "ACBFBDDC-1BD8-48AA-85A3-AA727C466C8D", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-6601f-dc:-:*:*:*:*:*:*:*", matchCriteriaId: "A56F4F2D-BE9B-458C-B906-017D14DEABBA", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-7030e:-:*:*:*:*:*:*:*", matchCriteriaId: "DEADC8C2-1DB4-4CB9-A014-7EF279C03C08", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-7040e:-:*:*:*:*:*:*:*", matchCriteriaId: "A6BBD9D7-5F9B-4438-91F9-EB496C8186C5", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-7060e:-:*:*:*:*:*:*:*", matchCriteriaId: "187AAEF7-3FBF-488C-9935-2FA15D131228", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fortigate-7121f:-:*:*:*:*:*:*:*", matchCriteriaId: "D9294854-FC23-4682-A695-325CA3347F37", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fpm-7620e:-:*:*:*:*:*:*:*", matchCriteriaId: "CAFABB00-194B-41E4-940C-A5CF3A9CECEB", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fpm-7620f:-:*:*:*:*:*:*:*", matchCriteriaId: "B2CC0365-4336-4700-9A29-1AEA0CA781AF", vulnerable: false, }, { criteria: "cpe:2.3:h:fortinet:fpm-7630e:-:*:*:*:*:*:*:*", matchCriteriaId: "D7E4F7F8-50E4-4774-B1E7-13DC1A289104", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico [CWE-122] en FortiOS SSL-VPN 7.2.0 a 7.2.2, 7.0.0 a 7.0.8, 6.4.0 a 6.4.10, 6.2.0 a 6.2.11, 6.0 .15 y anteriores y FortiProxy SSL-VPN 7.2.0 hasta 7.2.1, 7.0.7 y anteriores pueden permitir que un atacante remoto no autenticado ejecute código o comandos arbitrarios a través de solicitudes específicamente manipuladas.", }, ], id: "CVE-2022-42475", lastModified: "2025-02-24T15:44:21.153", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "psirt@fortinet.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-02T09:15:09.490", references: [ { source: "psirt@fortinet.com", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-398", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://fortiguard.com/psirt/FG-IR-22-398", }, ], sourceIdentifier: "psirt@fortinet.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-197", }, ], source: "psirt@fortinet.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2022-42475
Vulnerability from cvelistv5
Published
2023-01-02 08:18
Modified
2024-10-23 13:27
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Fortinet | FortiProxy |
Version: 7.2.0 ≤ 7.2.1 Version: 7.0.0 ≤ 7.0.7 Version: 2.0.0 ≤ 2.0.11 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 Version: 1.0.0 ≤ 1.0.7 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:10:40.927Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-398", tags: [ "x_transferred", ], url: "https://fortiguard.com/psirt/FG-IR-22-398", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-42475", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-23T13:26:56.926267Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-12-13", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-42475", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T13:27:24.950Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "FortiProxy", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.1", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.7", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "2.0.11", status: "affected", version: "2.0.0", versionType: "semver", }, { lessThanOrEqual: "1.2.13", status: "affected", version: "1.2.0", versionType: "semver", }, { lessThanOrEqual: "1.1.6", status: "affected", version: "1.1.0", versionType: "semver", }, { lessThanOrEqual: "1.0.7", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "FortiOS", vendor: "Fortinet", versions: [ { lessThanOrEqual: "7.2.2", status: "affected", version: "7.2.0", versionType: "semver", }, { lessThanOrEqual: "7.0.8", status: "affected", version: "7.0.0", versionType: "semver", }, { lessThanOrEqual: "6.4.10", status: "affected", version: "6.4.0", versionType: "semver", }, { lessThanOrEqual: "6.2.11", status: "affected", version: "6.2.0", versionType: "semver", }, { lessThanOrEqual: "6.0.15", status: "affected", version: "6.0.0", versionType: "semver", }, { lessThanOrEqual: "5.6.14", status: "affected", version: "5.6.0", versionType: "semver", }, { lessThanOrEqual: "5.4.13", status: "affected", version: "5.4.0", versionType: "semver", }, { lessThanOrEqual: "5.2.15", status: "affected", version: "5.2.0", versionType: "semver", }, { lessThanOrEqual: "5.0.14", status: "affected", version: "5.0.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-197", description: "Execute unauthorized code or commands", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-02T08:18:49.444Z", orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", shortName: "fortinet", }, references: [ { name: "https://fortiguard.com/psirt/FG-IR-22-398", url: "https://fortiguard.com/psirt/FG-IR-22-398", }, ], solutions: [ { lang: "en", value: "Please upgrade to FortiOS version 7.2.3 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiOS version 6.4.11 or above\r\nPlease upgrade to FortiOS version 6.2.12 or above\r\nPlease upgrade to FortiOS version 6.0.16 or above\r\nPlease upgrade to upcoming FortiOS-6K7K version 7.0.8 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.10 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.0.15 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to upcoming FortiProxy version 2.0.12 or above", }, ], }, }, cveMetadata: { assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", assignerShortName: "fortinet", cveId: "CVE-2022-42475", datePublished: "2023-01-02T08:18:49.444Z", dateReserved: "2022-10-07T14:05:36.301Z", dateUpdated: "2024-10-23T13:27:24.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }