CVE-2022-42475
| CVE Published | 2023-01-02 |
|---|---|
| Related CWE(s) | CWE-197: Numeric Truncation Error, CWE-787: Out-of-bounds Write |
| Related Vendor(s) | fortinet |
| Related Product(s) | fortiproxy, fortios |
| Exploitation Reported (CISA KEV) | 2022-12-13 |
| CVSS 3 Base Score | 9.8 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph
Threat Reports Related to CVE-2022-42475
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
This article by researchers from Google's Mandiant outlines intrusion activity by UNC3886, a suspected China-nexus cyber espionage group. The ...
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Following an initial advisory issued in May 2023, this advisory from CISA, NSA and partners outlines information on the broader campaign of cyber ...
Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT
This report by the Dutch AIVD and MIVD is a cybersecurity advisory covering activity which they attribute to Chinese threat actors. The report ...