Cythera Cyber Security

Fortiguard Firewall heap-based buffer overflow Vulnerability

On December 12 Fortinet published a security bulletin for a vulnerability allowing remote execution of arbitrary code on affected firewalls to enable initial access by malicious actors.
Talk to an expert

Fortiguard Firewall heap-based buffer overflow Vulnerability

CVE: CVE-2022-42475

What is Vulnerable:

  • FortiOS version 7.2.0 through 7.2.2
  • FortiOS version 7.0.0 through 7.0.8
  • FortiOS version 6.4.0 through 6.4.10
  • FortiOS version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 7.0.0 through 7.0.7
  • FortiOS-6K7K version 6.4.0 through 6.4.9
  • FortiOS-6K7K version 6.2.0 through 6.2.11
  • FortiOS-6K7K version 6.0.0 through 6.0.14

What's Happened:

On December 12 Fortinet published a security bulletin for a vulnerability allowing remote execution of arbitrary code on affected firewalls to enable initial access by malicious actors.

Fortinet have advised that this vulnerability is being exploited in the wild, and recommends that you immediately update your systems to the latest versions of FortiOS.

What you can do:


Events

Latest events

Join Cythera experts for networking events, technical briefings, and hands-on workshops hosted throughout the year.
View all events
No items found.
Cyber security news

Latest advisories

Stay ahead of emerging threats with our expert blog posts, research, and industry updates.
Silverstripe - Host Header Injection
Silverstripe CMS is affected by a Host Header Injection flaw, which can be exploited to manipulate password reset workflows, potentially redirecting or compromising user data.
FarCry Core Framework - Multiple Issues
FarCry Core contains multiple vulnerabilities that could let unauthenticated users upload arbitrary files and execute remote code on the hosting server.
Silverstripe – Cross-Site Scripting (XSS) Vulnerability
With local organisation admin credentials, an attacker can exploit the API to create, delete, or revert virtual machine snapshots in other organisations’ Virtual Data Centres (VDCs), breaching isolation boundaries.