CVE-2022-42475 PoC — Fortinet FortiOS 缓冲区错误漏洞

Source

https://github.com/bryanster/ioc-cve-2022-42475

Associated Vulnerability

Title:Fortinet FortiOS 缓冲区错误漏洞 (CVE-2022-42475)
Description:Fortinet FortiOS是美国飞塔（Fortinet）公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 存在安全漏洞，该漏洞源于其SSL-VPN允许未经身份认证的远程攻击者通过精心制作的恶意请求实现堆缓冲区溢出导致任意代码或命令执行。

Description

test for the ioc described for FG-IR-22-398

Readme

# ioc-cve-2022-42475
a simple util that uses ssh to check for the ioc's noted in [fortiguard](https://www.fortiguard.com/psirt/FG-IR-22-398).  
it uses ssh and runs the commands described on [fortinet forum](https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-heap-based/ta-p/239420).  

## build
git clone the project.  
this is developed on 1.66.1.

build using cargo:   

    cargo build --release

## run
after building it runs like any other commandline utility.  

    ./ioc-cve-2022-42475


it wil return true on any of the ioc matches.

File Snapshot


 [4.0K]  /data/pocs/827eb540257f26b0ea2158cb650286135fb4339a
├── [5.0K]  Cargo.lock
├── [ 221]  Cargo.toml
├── [1.5K]  License
├── [ 591]  README.md
└── [4.0K]  src
    └── [3.5K]  main.rs

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!