1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Known Exploited Vulnerabilities CVE-2022-42475 Mappings

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2022-42475 Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability secondary_impact T1071.001 Web Protocols
Comments
CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).
References
  1. https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
  2. https://cloud.google.com/blog/topics/threat-intelligence/chinese-actors-exploit-fortios-flaw
CVE-2022-42475 Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability secondary_impact T1622 Debugger Evasion
Comments
CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).
References
  1. https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
  2. https://cloud.google.com/blog/topics/threat-intelligence/chinese-actors-exploit-fortios-flaw
CVE-2022-42475 Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability primary_impact T1574 Hijack Execution Flow
Comments
CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).
References
  1. https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
  2. https://cloud.google.com/blog/topics/threat-intelligence/chinese-actors-exploit-fortios-flaw
CVE-2022-42475 Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).
References
  1. https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
  2. https://cloud.google.com/blog/topics/threat-intelligence/chinese-actors-exploit-fortios-flaw