Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-42475
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
数值截断错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fortinet FortiOS 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 存在安全漏洞,该漏洞源于其SSL-VPN允许未经身份认证的远程攻击者通过精心制作的恶意请求实现堆缓冲区溢出导致任意代码或命令执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
FortinetFortiProxy 7.2.0 ~ 7.2.1 -
FortinetFortiOS 7.2.0 ~ 7.2.2 -
II. Public POCs for CVE-2022-42475
#POC DescriptionSource LinkShenlong Link
1test for the ioc described for FG-IR-22-398https://github.com/bryanster/ioc-cve-2022-42475POC Details
2POC code to exploit the Heap overflow in Fortinet's SSLVPN daemonhttps://github.com/scrt/cve-2022-42475POC Details
3FortiOS buffer overflow vulnerabilityhttps://github.com/Amir-hy/cve-2022-42475POC Details
4Nonehttps://github.com/Mustafa1986/cve-2022-42475-FortinetPOC Details
5CVE-2022-42475 飞塔RCE漏洞 POChttps://github.com/CKevens/CVE-2022-42475-RCE-POCPOC Details
6Nonehttps://github.com/natceil/cve-2022-42475POC Details
7An exploit for CVE-2022-42475, a pre-authentication heap overflow in Fortinet networking productshttps://github.com/0xhaggis/CVE-2022-42475POC Details
8CVE-2022-42475 飞塔RCE漏洞 POChttps://github.com/3yujw7njai/CVE-2022-42475-RCE-POCPOC Details
9CVE-2022-42475 飞塔RCE漏洞 POChttps://github.com/AiK1d/CVE-2022-42475-RCE-POCPOC Details
10CVE-2022-42475 飞塔RCE漏洞 POChttps://github.com/P4x1s/CVE-2022-42475-RCE-POCPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-42475
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: FortiProxy
Same vendor: Fortinet
Same weakness: CWE-197
V. Comments for CVE-2022-42475

No comments yet

Leave a comment