Vulnerability CVE-2022-42475 FortiOS – heap-based buffer overflow in sslvpnd

Over the past few days we have been receiving news and inquiries about the CVE-2022-42475 vulnerability, which was detected in FortiOS and can lead to unauthorized execution of commands on the system.

Affected systems:

FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
FortiOS version 5.6.0 through 5.6.14
FortiOS version 5.4.0 through 5.4.13
FortiOS version 5.2.0 through 5.2.15
FortiOS version 5.0.0 through 5.0.14
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14

Solution to remediate the vulnerability:

Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to FortiOS version 6.0.16 or above
Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to upcoming FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
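
As an added example (not code from Fortinet or from the original post), the following Python checks a device inventory against the affected ranges and fixed releases listed above. The host names and inventory entries are constructed, and the status labels are this example's own; branches for which the list above names no fixed release return no upgrade target.

```python
# Keys: (platform, "major.minor"). Values: (last affected patch, first fixed
# patch or None), copied from the affected-version and upgrade lists above.
RANGES = {
    ("FortiOS", "7.2"): (2, 3),
    ("FortiOS", "7.0"): (8, 9),
    ("FortiOS", "6.4"): (10, 11),
    ("FortiOS", "6.2"): (11, 12),
    ("FortiOS", "6.0"): (15, 16),
    ("FortiOS", "5.6"): (14, None),   # no fixed release listed above
    ("FortiOS", "5.4"): (13, None),
    ("FortiOS", "5.2"): (15, None),
    ("FortiOS", "5.0"): (14, None),
    ("FortiOS-6K7K", "7.0"): (7, 8),
    ("FortiOS-6K7K", "6.4"): (9, 10),
    ("FortiOS-6K7K", "6.2"): (11, 12),
    ("FortiOS-6K7K", "6.0"): (14, 15),
}

def check(platform, version):
    """Return (status, minimum fixed version or None) for one device."""
    try:
        major, minor, patch = (int(p) for p in version.lstrip("v").split("."))
    except ValueError:
        return ("unparsed", None)          # not a three-part numeric version
    branch = f"{major}.{minor}"
    entry = RANGES.get((platform, branch))
    if entry is None:
        return ("branch-not-listed", None)  # branch absent from the lists above
    last_affected, first_fixed = entry
    if patch > last_affected:
        return ("outside-affected-range", None)
    fixed = f"{branch}.{first_fixed}" if first_fixed is not None else None
    return ("affected", fixed)

# Constructed sample inventory: (host, platform, running version).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.8"),
    ("fw-branch-02", "FortiOS", "7.2.3"),
    ("fw-legacy-03", "FortiOS", "5.6.12"),
    ("fw-chassis-04", "FortiOS-6K7K", "6.4.9"),
]

def report(inventory):
    """Return (host, status, fixed) for every inventory entry."""
    return [(host, *check(platform, ver)) for host, platform, ver in inventory]

if __name__ == "__main__":
    for host, status, fixed in report(INVENTORY):
        print(f"{host}: {status}" + (f", upgrade to {fixed} or above" if fixed else ""))
```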

Fortinet has also published on its website how to protect against this vulnerability.

More on all of this:

https://www.fortiguard.com/psirt/FG-IR-22-398

As for all the security issues and vulnerabilities that FortiGuard Labs has discovered on its own as well as on other non-Fortinet devices, we recommend that you regularly visit the Fortinet PSIRT and Outbreak Alert pages, available at:

https://www.fortiguard.com/psirt/

https://www.fortiguard.com/outbreak-alert
