Security firm Fortinet warns of active exploitation of SSL-VPN’s pre-auth RCE vulnerability.
On Monday, Fortinet released emergency patches for a severe security flaw in its FortiOS SSL-VPN product that is being actively exploited in the wild.
The vulnerability is tracked as CVE-2022-42475 (CVSS score: 9.3). It is a heap-based buffer overflow that an unauthenticated attacker can exploit to execute arbitrary code via specially crafted requests.
In its advisory, Fortinet said, “In FortiOS SSL-VPN, a heap-based buffer overflow vulnerability [CWE-122] could allow a remote, unauthenticated attacker to execute arbitrary code or commands through explicitly crafted requests.”
The company is aware that this vulnerability has been exploited in the wild, so it urges customers to update their appliances quickly.
The zero-day vulnerability, which was first reported Monday by Le Mag IT, can be easily exploited by attackers and gives them complete control of the affected devices. Furthermore, Olympe Cyberdefense recommended disabling VPN-SSL functionality if it’s not necessary.
Fortinet had already fixed the flaw on November 28th in FortiOS 7.2.3 (fixes for other versions were also released), but gave no details at that time that it was a zero-day exploit.
However, on December 12, Fortinet released security advisory FG-IR-22-398, warning the public that the vulnerability has been exploited in the wild and that all users or customers should update to a current version that fixes the bug.
Fortinet SSL-VPNs have been targeted by attackers so heavily that the FBI and CISA issued a dedicated advisory on these flaws and their exploitation in 2021. There is still a risk of nation-state actors exploiting those legacy vulnerabilities in Fortinet SSL-VPNs. Since this vulnerability has already been used, organizations need to patch CVE-2022-42475 immediately to avoid it becoming one of the many legacy VPN flaws.
As remote work increased following the COVID-19 pandemic, attacks against VPNs have increased, with multiple government warnings since 2020. Earlier this year, FortiOS was exposed to another critical vulnerability that allowed attackers to circumvent authentication and was exploited in the wild. Fortinet was one of many companies to disclose the vulnerability publicly.
The issue impacts the following products –
- FortiOS version 7.2.0 through 7.2.2
- FortiOS version 7.0.0 through 7.0.8
- FortiOS version 6.4.0 through 6.4.10
- FortiOS version 6.2.0 through 6.2.11
- FortiOS-6K7K version 7.0.0 through 7.0.7
- FortiOS-6K7K version 6.4.0 through 6.4.9
- FortiOS-6K7K version 6.2.0 through 6.2.11
- FortiOS-6K7K version 6.0.0 through 6.0.14
Switch to ESOF VMDR to secure your entire IT stack from this vulnerability
ESOF VMDR provides vulnerability management for your complete IT stack, as it can auto-remediate and auto-prioritize all vulnerabilities. You should ensure from the outset that your organization is resilient against all cyberattacks. TAC Security looks forward to scrutinizing every vulnerable asset in the complete IT infrastructure with ESOF VMDR. Let’s check out its features:
- Quickly diminishes critical vulnerabilities by auto-prioritization and auto-remediation.
- Protect all the real-time files in your organization’s complete IT stack.
- Cyber Score: Improve cross-organization communication
- It is possible to find zero-day vulnerabilities according to the application’s architecture, such as the web, mobile, SCR, or infrastructure.
- Find everything on your network with automated asset inventory.
- Trigger and integrate remediation workflows.
- Get to know your OWASP and SANS vulnerabilities.
- One-click notification to know if your asset has zero-day vulnerabilities.
TAC Security has a new ESOF Prediction feature that forecasts the number of vulnerabilities in an asset and the Cyber Risk Score for the upcoming month. Therefore, you don’t have to waste time looking through lengthy reports and can easily see the upcoming month’s vulnerabilities. The ESOF Prediction feature predicts the following:
- Predicts monthly vulnerabilities
- Predicts Cyber Risk Score
- Predicting the vulnerabilities that may arise in the upcoming month
- Top 5 vulnerabilities
Gain visibility into your organization’s cyber risk