You can now find Cyber Kendra on Google News!

Fortinet Warns for New Pre-auth RCE Vulnerability Exploited in Wild

FortiOS Pre-auth RCE Vulnerability
On Monday, Fortinet issued an emergency patch for critical security vulnerabilities in its FortiOS SSL-VPN product. 

The vulnerability is now tracked as CVE-2022-42475 which has a CVSS score of 9.3 out of 10. This is a heap-based buffer overflow vulnerability in sslvpnd which has been categorized as critical because it is a Pre-Auth Remote Code Execution bug

The successful exploitation of the bug, allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Active Exploitation of New SSL-VPN

Fortinet did mention in its advisory that the company is "aware of an instance where this vulnerability was exploited in the wild", also urging its customers to apply the updates and recommends immediately validating their systems against the following indicators of compromise:

Multiple log entries with:

Logdesc="Application crashed" and msg="[...] application:sslvpnd,[...], Signal 11 received, Backtrace: [...]“

and the presence of the following artifacts in the filesystem:

/data/lib/libips.bak
/data/lib/libgif.so
/data/lib/libiptcp.so
/data/lib/libipudp.so
/data/lib/libjepg.so
/var/.sslvpnconfigbk
/data/etc/wxd.conf
/flash

The following products are impacted by the issue -

Affected Products Solutions
FortiOS version 7.2.0 through 7.2.2 Please upgrade to FortiOS version 7.2.3 or above
FortiOS version 7.0.0 through 7.0.8 Please upgrade to FortiOS version 7.0.9 or above
FortiOS version 6.4.0 through 6.4.10 Please upgrade to FortiOS version 6.4.11 or above
FortiOS version 6.2.0 through 6.2.11 Please upgrade to FortiOS version 6.2.12 or above
FortiOS-6K7K version 7.0.0 through 7.0.7 Please upgrade to FortiOS-6K7K version 7.0.8 or above
FortiOS-6K7K version 6.4.0 through 6.4.9 Please upgrade to FortiOS-6K7K version 6.4.10 or above
FortiOS-6K7K version 6.2.0 through 6.2.11 Please upgrade to FortiOS-6K7K version 6.2.12 or above
Airi Satou Accountant
FortiOS-6K7K version 6.0.0 through 6.0.14 Please upgrade to FortiOS-6K7K version 6.0.15 or above

Earlier also Fortinet warned of active exploitation of different critical authentication bypass flaws (CVE-2022-40684) in FortiOS, FortiProxy, and FortiSwitchManager having a CVSS score of 9.6.

Security researcher Will Dormann points out in a tweet that the description of CVE-2022-42475 is still marked as "reserved", even after the fix has been pushed by the vendor. 

Post a Comment