Overview

Fortinet published critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. The advisory has since been updated. On January 11, 2023, the company issued a write-up detailing its initial investigation into the malware and additional IoCs found during its ongoing analysis. The exploit has been seen in the wild and its CVSS score is now 9.8. This vulnerability is considered critical.

While reports indicate attackers are using this exploit to attack large organizations and government agencies, SMBs should take the time to fix this flaw while they can, before these attackers turn their sights on smaller organizations.

The complexity of this exploit indicates the attackers have an advanced capability, possibly even state-sponsored.

Patches are available at Fortiguard.com for the following versions:

FortiOS version 7.2.0 through 7.2.2

FortiOS version 7.0.0 through 7.0.8

FortiOS version 6.4.0 through 6.4.10

FortiOS version 6.2.0 through 6.2.11

FortiOS-6K7K version 7.0.0 through 7.0.7

FortiOS-6K7K version 6.4.0 through 6.4.9

FortiOS-6K7K version 6.2.0 through 6.2.11

FortiOS-6K7K version 6.0.0 through 6.0.14
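As an added example (not from Fortinet or the original page), the Python check below compares a device inventory against the version ranges listed above; the inventory format, hostnames and sample versions are constructed. Versions are compared numerically, because a plain string comparison would rank 6.4.10 below 6.4.9.

```python
import re

# Version ranges copied from the list above: (product, first, last), inclusive.
LISTED_RANGES = [
    ("FortiOS", "7.2.0", "7.2.2"), ("FortiOS", "7.0.0", "7.0.8"),
    ("FortiOS", "6.4.0", "6.4.10"), ("FortiOS", "6.2.0", "6.2.11"),
    ("FortiOS-6K7K", "7.0.0", "7.0.7"), ("FortiOS-6K7K", "6.4.0", "6.4.9"),
    ("FortiOS-6K7K", "6.2.0", "6.2.11"), ("FortiOS-6K7K", "6.0.0", "6.0.14"),
]

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is malformed."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)$", text.strip())
    return tuple(int(part) for part in m.groups()) if m else None

def in_listed_range(product, version):
    """True or False for a parsable version, None when it cannot be parsed."""
    v = parse_version(version)
    if v is None:
        return None
    return any(product.strip().lower() == p.lower()
               and parse_version(lo) <= v <= parse_version(hi)
               for p, lo, hi in LISTED_RANGES)

def triage(inventory_text):
    """Map hostname -> 'listed' | 'not listed' | 'unknown' from CSV-like lines."""
    labels = {True: "listed", False: "not listed", None: "unknown"}
    result = {}
    for line in inventory_text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3:  # expected shape: hostname,product,version
            host, product, version = fields
            result[host] = labels[in_listed_range(product, version)]
    return result

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = """
fw-branch-01,FortiOS,6.4.10
fw-branch-02,FortiOS,6.4.11
fw-hq-01,FortiOS,v7.2.2
fw-dc-01,FortiOS-6K7K,6.4.10
fw-lab-01,FortiOS,7.0.x
"""

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

A "not listed" result only means the version falls outside the ranges on this page; the advisory has since been updated, so confirm against its current text.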

Sources

https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd

https://nvd.nist.gov/vuln/detail/CVE-2022-42475

https://vulcan.io/blog/how-to-fix-cve-2022-42475/