Vulnerability CVE-2022-42475 FortiOS – heap-based buffer overflow in sslvpnd
Over the past few days we have been receiving news and inquiries about the CVE-2022-42475 vulnerability, which was detected in FortiOS and can allow unauthorized execution of commands on the system.
Affected systems:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
FortiOS version 5.6.0 through 5.6.14
FortiOS version 5.4.0 through 5.4.13
FortiOS version 5.2.0 through 5.2.15
FortiOS version 5.0.0 through 5.0.14
FortiOS-6K7K version 7.0.0 through 7.0.7
FortiOS-6K7K version 6.4.0 through 6.4.9
FortiOS-6K7K version 6.2.0 through 6.2.11
FortiOS-6K7K version 6.0.0 through 6.0.14
Fix for the vulnerability:
Please upgrade to FortiOS version 7.2.3 or above
Please upgrade to FortiOS version 7.0.9 or above
Please upgrade to FortiOS version 6.4.11 or above
Please upgrade to FortiOS version 6.2.12 or above
Please upgrade to FortiOS version 6.0.16 or above
Please upgrade to upcoming FortiOS-6K7K version 7.0.8 or above
Please upgrade to FortiOS-6K7K version 6.4.10 or above
Please upgrade to upcoming FortiOS-6K7K version 6.2.12 or above
Please upgrade to FortiOS-6K7K version 6.0.15 or above
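To check a device inventory against the two lists above, the following added example (not Fortinet's code and not part of the original notice) encodes the affected ranges and fixed releases exactly as listed here. The hostnames and inventory entries are constructed; note that 7.0.8 is an affected release for FortiOS but the fixed release for FortiOS-6K7K, and that the 5.x branches have no fixed release listed on this page.

```python
import re

# (product, major, minor) -> (last affected patch, first fixed patch).
# Values copied from the two lists above; every affected range starts at x.y.0.
# None = the page lists no fixed release for that branch.
RANGES = {
    ("FortiOS", 7, 2): (2, 3), ("FortiOS", 7, 0): (8, 9),
    ("FortiOS", 6, 4): (10, 11), ("FortiOS", 6, 2): (11, 12),
    ("FortiOS", 6, 0): (15, 16), ("FortiOS", 5, 6): (14, None),
    ("FortiOS", 5, 4): (13, None), ("FortiOS", 5, 2): (15, None),
    ("FortiOS", 5, 0): (14, None),
    ("FortiOS-6K7K", 7, 0): (7, 8), ("FortiOS-6K7K", 6, 4): (9, 10),
    ("FortiOS-6K7K", 6, 2): (11, 12), ("FortiOS-6K7K", 6, 0): (14, 15),
}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def triage(product, version):
    """Return (status, upgrade_target) for one device."""
    m = VERSION_RE.fullmatch(version.strip())
    if m is None:
        return ("unknown", None)          # unparseable version string
    major, minor, patch = (int(g) for g in m.groups())
    entry = RANGES.get((product, major, minor))
    if entry is None:
        return ("not-listed", None)       # branch not mentioned on the page
    last_affected, first_fixed = entry
    if patch <= last_affected:
        target = None if first_fixed is None else f"{major}.{minor}.{first_fixed}"
        return ("affected", target)       # target None: page lists no fix here
    if first_fixed is not None:
        return ("patched", None)          # at or above the listed fixed release
    return ("not-listed", None)           # above the range, no fix listed

# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.8"),
    ("fw-edge-02", "FortiOS", "7.0.9"),
    ("fw-core-01", "FortiOS-6K7K", "7.0.8"),
    ("fw-lab-01", "FortiOS", "5.6.14"),
    ("fw-lab-02", "FortiOS", "7.4.0"),
]

def triage_inventory(inventory):
    """Map each hostname to its (status, upgrade_target) result."""
    return {host: triage(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for host, result in triage_inventory(INVENTORY).items():
        print(host, *result)
```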
Fortinet has also published on its website how to protect against this vulnerability.
More information:
https://www.fortiguard.com/psirt/FG-IR-22-398
As for all the security issues and vulnerabilities that FortiGuard Labs has discovered on its own as well as on other non-Fortinet devices, we suggest that you regularly visit the Fortinet PSIRT and Outbreak Alert pages available at: