Fortiguard Firewall heap-based buffer overflow Vulnerability

13 Dec / 2022

Cyber Security

Fortiguard Firewall heap-based buffer overflow Vulnerability

CVE: CVE-2022-42475

What is Vulnerable:

FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14

What's Happened:

On December 12 Fortinet published a security bulletin for a vulnerability allowing remote execution of arbitrary code on affected firewalls to enable initial access by malicious actors.

Fortinet have advised that this vulnerability is being exploited in the wild, and recommends that you immediately update your systems to the latest versions of FortiOS.

What you can do:

We strongly recommend that all customers using Fortigate Firewalls immediately upgrade to the latest version, which includes a patch for this vulnerability.
Further details on the vulnerability are available here: https://www.fortiguard.com/psirt/FG-IR-22-398
Update resources can be found here: https://docs.fortinet.com/product/fortigate/7.2
Cythera is continuing to monitor all Managed Detection and Managed Vulnerability clients.

Resources

You may be interested in

Security Legislation In Australia: Making Sense of the Options and Obligations

In the realm of cyber security, frameworks serve as the backbone for creating, enhancing, and maintaining security protocols. For Australian sec…

Does Your Organisation Need Cyber Security Training?

If you’re serious about protecting your company, then the only answer is yes! New employees are onboarded are expected to understand and abid…

Data Harvester Parading as a Legitimate Application -ZoomInfoContactContributor.exe

What is Happening?Cythera are reporting a significant increase in the installation of a potentially unwanted application called ZoomInfo Contact…