mickmick.net

Fortinet FortiOS Remote Code Execution Vulnerability

Release Date: 13 Dec 2022

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in Fortinet FortiOS. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2022-42475 is being exploited in the wild.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• FortiOS version 7.2.0 through 7.2.2
• FortiOS version 7.0.0 through 7.0.8
• FortiOS version 6.4.0 through 6.4.10
• FortiOS version 6.2.0 through 6.2.11
• FortiOS-6K7K version 7.0.0 through 7.0.7
• FortiOS-6K7K version 6.4.0 through 6.4.9
• FortiOS-6K7K version 6.2.0 through 6.2.11
• FortiOS-6K7K version 6.0.0 through 6.0.14

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.fortiguard.com/psirt/FG-IR-22-398

---

Vulnerability Identifier

• CVE-2022-42475

---

Source

• Fortinet
• US-CERT

---

Related Link

• https://www.fortiguard.com/psirt/FG-IR-22-398
• https://www.cisa.gov/uscert/ncas/current-activity/2022/12/12/fortinet-releases-security-updates-fortios