Fortinet Releases Critical Security Patches for SSL-VPN Vulnerability
On Monday, Fortinet announced the release of emergency patches responding to a significant security vulnerability discovered in its FortiOS SSL-VPN product. This vulnerability is currently experiencing active exploitation in the wild, emphasizing the urgency for organizations to apply the updates promptly.
The issue, identified as CVE-2022-42475, carries a critical CVSS score of 9.3. It pertains to a heap-based buffer overflow, which could enable an unauthenticated attacker to execute arbitrary code through specially crafted requests. Fortinet confirmed awareness of actual exploitation events, urging its users to prioritize applying the necessary patches.
The vulnerability affects multiple versions of FortiOS, specifically versions 7.2.0 to 7.2.2, 7.0.0 to 7.0.8, and 6.4.0 to 6.4.10, along with several variants in the FortiOS-6K7K series. This broad impact underscores the importance of immediate action by organizations using these versions.
Patches are now available in updated releases: FortiOS versions 7.2.3, 7.0.9, 6.4.11, and 6.2.12, alongside FortiOS-6K7K versions 7.0.8, 6.4.10, 6.2.12, and 6.0.15. Organizations are advised to ensure they are running these updated versions to mitigate risks.
In light of the recent findings, Fortinet has also published various indicators of compromise (IoCs) related to this vulnerability. These IoCs include specific IP addresses and artifacts that may persist on the file system after a successful attack, providing critical information for network defense and forensic investigations.
The current advisory follows a previous incident involving CVE-2022-40684—another critical authentication bypass vulnerability. With an even higher CVSS score of 9.6, this earlier bug also saw active exploitation targeting Fortinet products. Both advisories highlight the pressing need for organizations to maintain vigilant cybersecurity practices.
As businesses increasingly rely on network security solutions, understanding the potential tactics and techniques used by adversaries becomes paramount. In the case of this vulnerability, initial access and exploitation tactics could align with techniques categorized under the MITRE ATT&CK framework. Organizations must be aware of such tactics to effectively preempt future threats.
In summary, as Fortinet continues to identify and address vulnerabilities within its products, the cybersecurity landscape remains dynamic and potentially perilous. Business owners should prioritize their cybersecurity posture, staying informed and taking comprehensive measures to safeguard their networks against such vulnerabilities.