
Remote Code Execution vulnerability in Fortinet SSL VPN service

Our support will regularly inform you of important events here.

CVE-2022-42475: Fortinet has published an advisory (FG-IR-22-398) on an actively exploited remote code execution vulnerability in FortiOS. It is a heap-based buffer overflow in the SSL-VPN service that lets an unauthenticated remote attacker execute arbitrary code by sending crafted requests to the SSL-VPN interface.


Fortinet is aware of at least one case in which this vulnerability has been successfully exploited, although other, not yet reported cases may well exist.

In that case the vulnerability was exploited to deploy malicious files on the file system of the affected device.

Moreover, as seen in the recent campaign against Fortinet appliances that exploited the authentication bypass CVE-2022-40684, an attacker who obtains code execution or administrative access on a Fortinet appliance can achieve any of the following:

  • Opening and downloading the device configuration file. This includes, but is not limited to, cleartext rules, policies, filtering, usernames, routing configuration and encrypted passwords (encrypted with the device's private encryption key).
  • Creating privileged administrator accounts
  • Uploading and running scripts

Potential for widespread exploitation

According to CISA's Known Exploited Vulnerabilities Catalog, threat actors have repeatedly used similar Fortinet vulnerabilities to gain initial access and then move laterally within an organisation's environment.

We therefore assume that attackers will continue to actively exploit this vulnerability in the short term to gain access to sensitive information, such as the device configuration file.

This assessment is based on the ease of exploitation, the possibilities for payload delivery and execution, and the prevalence of affected Fortinet devices in enterprise environments.


Take action

This is a major vulnerability that should be addressed immediately.

Given the impact of the update process and the possible complexity of other measures, we are currently contacting customers to agree on who performs the upgrade(s) and when.

Please note: if possible, perform the upgrades in a test environment first.

Update FortiOS

Product         Impacted versions       Fixed versions
FortiOS         v7.2.0 to v7.2.2        v7.2.3 or above
                v7.0.0 to v7.0.8        v7.0.9 or above
                v6.4.0 to v6.4.10       v6.4.11 or above
                v6.2.0 to v6.2.11       v6.2.12 or above
FortiOS-6K7K    v7.0.0 to v7.0.7        v7.0.8 or above
                v6.4.0 to v6.4.9        v6.4.10 or above
                v6.2.0 to v6.2.11       v6.2.12 or above
                v6.0.0 to v6.0.14       v6.0.15 or above
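To check a fleet of devices against this table, the running version can be read from the "Version:" line of the FortiOS CLI command get system status. The script below is an added example written for this page; it is not Fortinet's code and not part of the original advisory. It encodes the fixed versions from the table above, parses a version string from a status line and reports whether the device is still affected. The status line used as input is constructed for the example, and a release branch that is not in the table (for instance FortiOS 6.0) is reported as "not covered" rather than as safe.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed version per product and release branch (major, minor),
# taken from the table above. A device is affected if it runs an
# earlier version on the same branch.
FIXED_VERSIONS: Dict[str, Dict[Tuple[int, int], Version]] = {
    "FortiOS": {
        (7, 2): (7, 2, 3),
        (7, 0): (7, 0, 9),
        (6, 4): (6, 4, 11),
        (6, 2): (6, 2, 12),
    },
    "FortiOS-6K7K": {
        (7, 0): (7, 0, 8),
        (6, 4): (6, 4, 10),
        (6, 2): (6, 2, 12),
        (6, 0): (6, 0, 15),
    },
}

# Matches "v7.0.8" inside a line such as
# "Version: FortiGate-60F v7.0.8,build0418,221102 (GA)"
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)")


def parse_version(status_line: str) -> Version:
    """Extract (major, minor, patch) from a 'get system status' Version line."""
    match = VERSION_RE.search(status_line)
    if not match:
        raise ValueError(f"no FortiOS version found in {status_line!r}")
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def assess(product: str, version: Version) -> Optional[bool]:
    """Return True if affected, False if fixed, None if the branch is not in the table."""
    branches = FIXED_VERSIONS.get(product)
    if branches is None:
        raise KeyError(f"unknown product {product!r}")
    fixed = branches.get((version[0], version[1]))
    if fixed is None:
        return None  # e.g. FortiOS 6.0: not listed above, check the vendor advisory
    return version < fixed


def report(product: str, status_line: str) -> str:
    """Human-readable verdict for one device."""
    version = parse_version(status_line)
    verdict = assess(product, version)
    label = "v%d.%d.%d" % version
    if verdict is None:
        return f"{product} {label}: branch not covered by this table, check the Fortinet advisory"
    if verdict:
        return f"{product} {label}: AFFECTED by CVE-2022-42475, upgrade required"
    return f"{product} {label}: fixed version, not affected"


if __name__ == "__main__":
    # Constructed sample status lines; hostnames and builds are illustrative.
    samples = [
        ("FortiOS", "Version: FortiGate-60F v7.0.8,build0418,221102 (GA)"),
        ("FortiOS", "Version: FortiGate-100F v7.2.3,build1262,221208 (GA)"),
        ("FortiOS-6K7K", "Version: FortiGate-6300F v7.0.8,build0418,221102 (GA)"),
        ("FortiOS", "Version: FortiGate-40F v6.0.12,build0507,210121 (GA)"),
    ]
    for product, line in samples:
        print(report(product, line))
```

Note that the same version string can give a different verdict depending on the product line: v7.0.8 is still affected on regular FortiOS but is the fixed release on FortiOS-6K7K, so the product must be passed explicitly rather than inferred from the version alone.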

Workaround

Disable the SSL-VPN until the upgrade has been applied. This removes the vulnerable service from exposure, but it also cuts off remote-access VPN users, so plan it with the affected users.

Need help?

Contact us as soon as possible so we can fix this vulnerability for you. You can reach us by e-mail at support@vanroey.be or by phone on 014 470 600. You can also create a ticket.

Can't create tickets? Request an account here. If our engineer needs remote access to your PC, they will ask you to run this software.